Skip to main content

TransUnion Information Solutions, Inc.

Privacy Guidelines

1. Statement of Guidelines

Protecting consumer privacy is important to TransUnion Information Solutions, Inc. (TUPH).

This Privacy Guidelines sets out the commitment of TUPH to collect and process personal information and sensitive personal information (collectively, "personal information") in accordance with the applicable laws and regulations on data privacy, including the Philippine Data Privacy Act of 2012 and its implementing rules and regulations.

As part of this commitment, these guidelines govern TUPH's actions as they relate to the collection, use, disclosure and retention of personal information.

2. Who We Are and What Do We Do?

TransUnion is the largest private credit information bureau in the Philippines which has established a computer facility for assembling, analyzing, processing, and disseminating credit information and other relevant information for the purpose of, but not limited to, reviewing credit portfolio, furnishing credit reports and scores, providing credit decision support services and other related services to different financial institutions including, but not limited to, banks, credit card companies, financial intermediaries, non-bank financial institutions, insurance companies, telecommunications companies, utility companies, real estate developers, automobile dealers, government financial institutions, and government owned or controlled corporations.

Personal information is collected by TUPH from its members which include but not limited to banks, credit card companies, financial intermediaries, non-bank financial institutions, insurance companies, telecommunications companies, utility companies, real estate developers, automobile dealers, government financial institutions, and government owned or controlled corporations.

3. What Data Do We Collect and What is the Purpose?

TUPH obtains information to update its consumers’ files that have relevance to a consumer’s credit history and assists in ensuring the reporting of accurate information. This information is collected through fair and lawful means through its subscribers, data subjects or the public domain. The data we collect may include the following:

1. Name Segment
  1. First Name
  2. Middle Name
  3. Last Name
  4. Mother’s maiden full name
  5. Civil Status
  6. Date of Birth
  7. Gender
  8. Nationality
  9. No. of dependents
  10. Home Ownership
  11. Car Ownership
  12. Acct holder type
  13. Dispute
2. ID Information
  1. ID number
  2. ID Type
3. Alias information if applicable
  1. First name
  2. Middle Name
  3. Last name
  4. Mother maiden full name
4. Address
  1. Address
  2. Address type
5. Phone
  1. Phone number
  2. Phone number type
6. Email
  1. Email
7. Employment
  1. Company name
  2. Nature of business
  3. Employment type
  4. Occupation
  5. Length of employment in years
  6. Length of employment in months
  7. Currency code and consumer annual income
8. Education
  1. Educational Level
9. Account segment (for Telco and Utilities)
  1. Acct number/ Card number
  2. Account status
  3. User ID ( to be provided by TU )
  4. Account type
  5. Currency Code
  6. Opened date
  7. Payment amount
  8. Closed date if applicable
  9. Reported date
  10. Credit Limit/ Plan Limit
  11. Shared by
  12. Outstanding balance
  13. Interest and fees
  14. Number of days past due
  15. Past due amount
  16. Consumer or Commercial plan
  17. Legal action info

We collect your personal information for different purposes. For example, we may use it in the following ways:

  • to communicate with you and internal parties, on a strict need to know basis, regarding your credit report inquires and/or complaints;

  • to update our consumer credit database;

  • to verify your identity;

  • to prevent fraud and unauthorized disclosures of your personal information;

  • to record and demonstrate how we have conducted the dispute and complaint resolution process and arrived at a resolution;

  • to comply with legal requirements;
  • for research and development of products; and
  • to conduct surveys and analytics.

 

4. How Do We Collect Your Data?

TUPH is committed to the principle that the knowledge and consent of the consumer are required for the collection, use or disclosure of personal information, except where authorized by law or as ordered by the court. All TransUnion subscribers must obtain and secure the consumer’s authorization to release information before they can share any information about a consumer to TUPH.

5. How Do We Use Your Data and To Whom Do We Disclose the Same?

TUPH shall not use or disclose personal information for purposes other than those for which it was collected, unless (i) with the consent of the consumer, (ii) the sharing of information is pursuant to an agreement between the parties or (iii) as required by law or ordered by the court.

We use your data for the purpose of, but not limited to:

  • Furnishing Credit Reports and Scores;

  • Credit investigation;

  • Credit Reference Checks;

  • Update Our Consumer Credit Database;

  • Providing Fraud and Identity Verification services;

  • Delivering consumer information, lists, and other marketing products;

  • Providing Credit Decision Support Services;

  • Providing related services to TUPH Subscribers;
  • For research and development of products; and
  • To conduct surveys and analytics 

 

We disclose the data to all TUPH subscribers or members, including but not limited to, banks, credit card companies, financial intermediaries, non-bank financial institutions, insurance companies, telecommunications companies, other utility companies, real estate developers, automobile dealers, health maintenance organizations, government financial institutions, and government owned or controlled corporations.

As a multi-national corporation, personal data so shared to TUPH may be processed, transferred to, used and stored on servers that may be located outside of the Philippines.

6. How Long Do We Retain Your Data?

TUPH adheres to the local privacy regulation and retains personal information for as long as necessary for the fulfillment of the stated purposes herein. After which physical records shall be disposed of through shredding, while digital files shall undergo purge protocols.

7. What are Your Rights Under the Data Privacy Act of 2012?

The Data Subject has the following rights under Republic Act 10173 otherwise known as the Data Privacy Act of 2012:

  • Right to be informed – the data subject has the right to be informed whether personal data pertaining to him or her will be, are being, or were processed. The data subject should be notified by TUPH’s Subscribers and shall give his or her informed consent prior to the collection, processing, sharing and storing of his or personal data.

  • Right to object – the data subject has the right to object to the processing of his or her personal data, including processing for direct marketing, automated processing, or profiling. He or she should be given an opportunity to withhold consent in case of any amendment to the information supplied to the data subject under the right to be informed. The personal information controller (PIC) should not process the personal data without consent unless:

    • The personal data is needed pursuant to subpoena;

    • The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the data subject is a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the data subject; or

    • The information is being collected and processed because of a legal obligation.

  • Right to Access – the data subject has the right to reasonable access to, upon demand of the following:

    • Contents of his or her personal data that were processed

    • Sources from which personal data were obtained

    • Names and addresses of recipients of the personal data

    • Manner by which such data were processed

    • Reasons for the disclosure of the personal data to recipients, if any

    • Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the data subject

    • Date when his or her personal data concerning the data subject were last accessed and modified; an

    • The designation, name or identity, and address of the personal information controller

  • Right to erasure or blocking – the data subject has the right to suspend, withdraw or order the blocking, removal, or destruction of his or her personal data from the personal information controller’s filing system. This right may be exercised upon discovery and substantial proof of any of the following:

    • The personal data is incomplete, outdated, false, or unlawfully obtained;

    • The personal data is being used for a purpose not authorized by the data subject;

    • The personal data is no longer necessary for the purposes for which they were collected;

    • The data subject withdraws consent or objects to the processing of his or her information, and there is no other legal ground or overriding legitimate interest for the processing;

    • The personal data concerns private information that is prejudicial to data subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;

    • The processing is unlawful; or

    • The personal information controller or personal information processor violated the rights of the data subject;

  • Right to damages – The data subject should be indemnified for any damages sustained due to such false, incomplete, outdated, unlawfully obtained, or unauthorized use of personal data, considering any violations of his or her rights and freedom as a data subject.

8. How We Secure and Protect Your Data?

TUPH implements strict security measures that ensure the availability, integrity, and confidentiality of Personal Data, including but not limited to the implementation of reasonable and appropriate organizational, physical, technical, administrative, procedural and security measures to protect Personal Data against any loss, unauthorized use, access or disclosure and Security Breach as prescribed in the Data Privacy Act, its IRR, and circulars issued by the NPC.

9. Feedback on our Privacy Guidelines

If you have comments with regards to this Privacy Guidelines, you may reach TUPH through:

Via mail –
Data Protection Officer (DPO)
TransUnion Information Solutions, Inc.
19th Floor, Ayala Triangle Gardens Tower 2
Paseo de Roxas cor. Makati Avenue, Makati City
Philippines 1226

Via electronic email - 
Email: dataprivacyph@transunion.com

Or call hotline – +63 2 8858-0426

Updated as of June 2024