|TRANS UNION OF CANADA, INC.|
PRIVACY FACTS NOTICE
|(Last updated June 2014)|
For information about how to request access to, or dispute the accuracy of, your personal information in our files, please visit our website or contact us as described above.
“cookies” are small text files offered to a user's computer by web servers in order to keep track of the user's browser as a website is navigated.
“personal information” means any information about an identifiable individual.
“principals” means individuals that own and/or are involved in the management of a business.
“us”, “we”, “our” and “TransUnion” means Trans Union of Canada, Inc.
“Website” means the website operated by TransUnion and located at http://www.transunion.ca and, for clarity, does not include the websites hosted and operated by TransUnion Interactive, Inc. or Trans Union LLC.
TransUnion is a credit information and analytics company and a licensed consumer credit reporting agency operating across Canada. We were formed in 1989 with the goal of offering the highest quality consumer credit-related products and services to the Canadian market. Today, we serve both consumers and the business community by providing consumer and business credit information, fraud and identity management services and risk management and analytics tools to help our customers make decisions and to help consumers manage their credit.
Long before the federal Personal Information Protection and Electronic Documents Act came into force in 2001, TransUnion was regulated by provincial consumer reporting legislation designed to protect the privacy of credit information and to ensure the fairness and accuracy of credit-reporting systems. Therefore, TransUnion has a long history of commitment to maintaining and providing accurate and up-to-date credit information and to safeguarding the credit information in our control.
An Overview of Our Business
We facilitate consumer transactions by providing consumer credit information to our customers, which include banks, credit-card companies, finance companies and other institutions. By their nature, our services must include some personal information about consumers. Accordingly, we regularly collect, use and disclose personal credit information of Canadian consumers. Credit grantors and other institutions provide TransUnion with factual information about how their customers pay their bills and other debts. Credit reporting agencies, such as TransUnion, compile and assemble this information, along with public record information, into a "file" for each consumer. In return, credit grantors and authorized institutions, pursuant to the applicable provincial consumer reporting legislation, are able to obtain credit reports about consumers.
We facilitate commercial transactions by providing business credit information to our customers. While these services generally only contain credit information about businesses, certain personal information may be provided in a business credit report about the principals of the business, such as name, address, phone number and percentage ownership in the business. Due to the segregation of the consumer and business databases, the limited personal information in business reports does not include the personal credit information of the principals; customers may separately request a consumer credit report about the principals of the business.
Our Collection Practices
We primarily collect your personal information from the following sources:
If you call us, we may record and retain the recording to ensure the accuracy of our discussions and for quality control and record keeping purposes.
We may use video surveillance in and around our walk-in locations for the safety of our customers and employees, and to protect against theft, property damage and fraud.
Information We Collect
Consumer Credit Reports: TransUnion’s consumer credit reports may contain the following personal information:
Business Credit Reports: Although TransUnion’s business reports generally only contain credit information about businesses, they may contain personal information about the principals of the business such as name, address, phone number and percentage ownership in the business.(b) Identification Requirements
We also collect other information you have provided to confirm your identity, which we maintain for quality control and authentication purposes. This information may include copies of, or information from, your driver's licence, birth certificate, passport, credit cards, signature, photograph, copies of bills or correspondence or proof of business ownership. This information is not part of your credit report.(c) Other Information
We may also collect:
TransUnion credit reports do not contain:
While TransUnion may furnish credit or other scores to its customers based on the information contained in a consumer or business credit file, the score itself does not form part of the credit file. TransUnion does not maintain or update scores in individual consumer credit files.
Our Use and Disclosure of Your Personal Information
We limit our use of personal information to those purposes which have been disclosed to the individual by us or our customers and for which appropriate consents have been obtained, or for purposes which are otherwise permitted by law. In connection with our credit reporting services, we do not have direct relationships with individual consumers or principals. Accordingly, we require our credit-granting and other customers to inform individuals of the purposes for which they are providing personal information to TransUnion, or accessing personal information from TransUnion, and to obtain appropriate consent at the time the information is collected from the individual and/or prior to its use or disclosure by TransUnion. We also require our customers to limit the use of personal information obtained from TransUnion to purposes that are permitted by law.
TransUnion uses and discloses personal information in the following circumstances:
In addition, we may provide anonymous information (i.e., information that does not identify individual consumers or principals) in the form of aggregate or demographic data to our clients or service providers. We may also generate and use anonymous information to develop, enhance or validate our products, processes or services. Personal information will necessarily be used to generate anonymous information and, when required, to research, validate and test the use of anonymous information in such processes, products, services and enhancements.
We also provide a suite of authentication services to assist our customers in identifying potentially fraudulent transactions. In the course of providing these services, we may use personal information contained in our credit files to see if it matches the information that has been provided by an applicant, typically to credit granting institutions or merchants. When we provide our authentication services, we typically do not disclose credit information; instead we use the consumer’s credit file to check the information internally. While preventing fraud is in everybody’s best interest, these services may directly benefit consumers if someone is attempting to pose as the consumer by misappropriating the consumer’s identity and personal credit information.
We collect, use and disclose personal information when the individual is aware of the purposes for which the information will be used or disclosed, and has given his or her consent to such use or disclosure, except where collection, use or disclosure of personal information without consent is permitted or required by law.
In most cases, individuals will not provide such consent directly to TransUnion, but to our customers. We require our customers to obtain consent prior to providing TransUnion with personal information, and prior to accessing the personal information contained in our credit files.
We have appointed both a Compliance Manager and a Chief Privacy Officer to oversee our compliance with the privacy principles established by the federal Personal Information Protection and Electronic Documents Act, and with provincial privacy and credit reporting legislation. However, protecting personal information does not begin and end there: we are committed to fostering a sense of responsibility amongst our employees for protecting the privacy and accuracy of personal information while it is in our care.
Likewise, our customers have obligations to individuals when accessing personal information from us or providing personal information to us. We have processes in place to encourage our customers to comply with applicable law and obtain the necessary consents. Such processes include entering into binding agreements with our customers and conducting random audits of our customers’ internal procedures; however, the responsibility for customers’ compliance ultimately rests with them.
Our Safeguarding Practices
We take the protection of personal information seriously. TransUnion has implemented a security program that is aligned with industry best practices and has appointed a Security Manager to oversee our security program. We have adopted procedures to secure storage of personal information and are committed to working with our customers to protect the security of personal information during any transfer to or from us. We have also instituted a number of safeguards to identify and prevent the fraudulent use of personal credit information. TransUnion uses firewall technology to protect its data from would-be intruders and has implemented other safeguards to secure information such as passwords, encryption, antivirus software and physical security measures. Our authorized employees and representatives will have access to your personal information to the extent necessary to perform their job functions.
Fraud affects us all, which is why we co-operate, to the full extent of our ability and to the extent permitted by law, with law enforcement officials to identify and prevent fraud.
Retention of Your Personal Information
TransUnion retains your personal information in our credit information database for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws. Please refer to Frequently Asked Questions on the Website for more information about how long TransUnion retains consumer credit information on file.
TransUnion may delete personal information reported about you by a data supplier if our relationship with the data supplier comes to an end. The end of a data supplier relationship may impede our ability to maintain a current and accurate credit file and/or carry out our investigation procedures. We may delete personal information in these circumstances to ensure that your credit file remains as accurate, complete and up-to-date as possible. Please review our website at www.transunion.ca for additional information.
Access and Accuracy of Credit Reports
As a consumer reporting agency formed more than 20 years ago, TransUnion has a mature consumer solutions group that welcomes consumer access and/or correction requests, and addresses any other questions or concerns. For information on how to request a copy of your consumer credit file or dispute or update your personal credit information, please visit the Website.
When gathering personal information, we work with our customers and data suppliers to increase their awareness of the importance of providing only personal information that is accurate and up-to-date. However, TransUnion cannot alter the information reported by our customers or data suppliers, unless the information is determined to be wrong, incomplete or otherwise inaccurate. If you do not agree with the accuracy of the information TransUnion has on file, we have procedures to ensure that such information is verified, and, where appropriate, amended or corrected. We also have an established complaint procedure to address consumer concerns and to ensure any inquiries and complaints are appropriately investigated and addressed.
Please contact our Consumer Relations Centre using the contact information below. Our Consumer Relations Centre is staffed by trained personnel who can assist with your inquiries. You may also direct your inquiry or request directly to our Compliance Manager or our Chief Privacy Officer. We may require that you put any request for access or correction in writing.
Consumers can also visit our website at www.transunion.ca.
For service in French:
TransUnion Telephone: (877) 713-3393 or (514) 335-0374
1 Place Laval, Suite 370,
Laval, PQ H7N 1A1
Hours of operation: 8:30 a.m.-5:00 p.m. ET (Monday -Thursday)
8:30 a.m. - 4:30 p.m. ET (Friday)
For service in English:
TransUnion Telephone: (800) 663-9980
PO Box 338 LCD1, E-mail: firstname.lastname@example.org
Hamilton, ON L8L 7W2
Hours of Operation: 8:00 a.m.- 8:00 p.m. ET
When a customer bases its decision to deny credit to an individual in part on information received from TransUnion, the customer has a statutory obligation to inform the individual that it obtained the credit information from us. In this situation, Customers must provide individuals who are declined credit with TransUnion’s contact information so that the individual can verify the content of his credit file and, if necessary, request that information be amended or deleted. TransUnion does not play a role in the decision to deny or advance credit, and accordingly, the individual should deal directly with the institution for more information on the denial of credit.
Inquiries are a statement of fact to the consumer and other recipients of the consumer credit file that a TransUnion customer requested information contained in the consumer’s credit report on a particular date. Inquiries also provide a phone number for the consumer to contact the inquiring customer for further information on the pull. By posting inquiries, TransUnion is reporting certain details about the inquiring customer (such as name and phone number) in compliance with its obligations under consumer reporting legislation. However, inquiries reveal no information about the underlying debt or obligation, if any. Please refer to Frequently Asked Questions on the Website for more information about how long TransUnion retains inquiries on file.
Protecting Yourself from Identity Theft
Identity theft is one of Canada’s fastest growing crimes, and one which the victim may not discover until long after significant damage has been done to his or her credit report. There are a variety of ways that you could fall victim to this crime, including “phishing” (seemingly genuine, but forged, e-mails purportedly sent from a reputable company that require you to provide personal information in a linked website or risk losing certain benefits from that company), and “Dumpster diving” (where individuals sort through garbage looking for bank statements, invoices, etc., that reveal an individual’s personal information).
The best way to guard against identity theft is to learn about this crime in order to identify suspicious activity. Please visit our Website at www.transunion.ca for tips on how to protect yourself.
TransUnion's Website makes use of "per-session" cookies. Unlike "persistent" cookies, which are stored on a user's hard drive and can last indefinitely, per-session cookies are stored only in a browser's temporary memory and are deleted when the browser is shut down.
When users visit our Website, our web server offers the user's browser a per-session cookie. As the Website is navigated, this cookie is read back to our web server, allowing us to generate an anonymous "click trail" profile of the visit. From the aggregated information about visits, TransUnion learns how visitors interact with its Website, how the Website design and content can be improved, and how visitors' experiences can be improved.
TransUnion does not link, share or associate the contents of the per-session cookie with any other information in a way that would enable the identification of visitors to our Website. Nor do we track or link together multiple visits by any single user over time. Our per-session cookies cannot be "read" by any other web servers, so users cannot be tracked or profiled using TransUnion's cookies if they visit multiple sites on the Internet.
Some browsers can be set to reject all cookies. If a user chooses to modify a browser in this manner, some pages of our Website may not function properly.
IP Addresses and Server Logs
Unique Internet Protocol (IP) addresses are assigned to all Internet users by their Internet Service Providers (ISPs). IP addresses do not directly identify Internet users; however, through an ISP, an IP address may be linked to a particular user.
During a visit to a website, certain information about a user's traffic patterns, linked with the user's IP address, is passively and automatically collected in the normal course of establishing and maintaining a website connection. This information is logged by the web server of the website that is visited.
The following information is logged by TransUnion's web servers during visits to our Website: IP addresses, type of operating system, time and duration of visit, web pages visited and browser type. We do not link server log information to any other information in a way that would enable the identification of visitors to our Website. Server log information is analysed by us in order to improve our Website and to customize the Website for users. In addition, from time to time, server logs may be reviewed for security purposes; for example, to detect unauthorized activity on our Website. In such cases, server log data, containing IP addresses, would be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
Links to Third Party Sites
Last revised June 2014.