Protecting consumer privacy is important to TransUnion Information Solutions, Inc. (TUPH).
This Privacy Guidelines sets out the commitment of TUPH to collect and process personal information and sensitive personal information (collectively, "personal information") in accordance with the applicable laws and regulations on data privacy, including the Philippine Data Privacy Act of 2012 and its implementing rules and regulations.
As part of this commitment, these guidelines govern TUPH's actions as they relate to the collection, use, disclosure and retention of personal information.
TransUnion is the largest private credit information bureau in the Philippines which has established a computer facility for assembling, analyzing, processing, and disseminating credit information and other relevant information for the purpose of, but not limited to, reviewing credit portfolio, furnishing credit reports and scores, providing credit decision support services and other related services to different financial institutions including, but not limited to, banks, credit card companies, financial intermediaries, non-bank financial institutions, insurance companies, telecommunications companies, utility companies, real estate developers, automobile dealers, government financial institutions, and government owned or controlled corporations.
Personal information is collected by TUPH from its members which include but not limited to banks, credit card companies, financial intermediaries, non-bank financial institutions, insurance companies, telecommunications companies, utility companies, real estate developers, automobile dealers, government financial institutions, and government owned or controlled corporations.
TUPH obtains information to update its consumers’ files that have relevance to a consumer’s credit history and assists in ensuring the reporting of accurate information. This information is collected through fair and lawful means through its subscribers, data subjects or the public domain. The data we collect may include the following:
1. Name Segment |
|
---|---|
2. ID Information |
|
3. Alias information if applicable |
|
4. Address |
|
5. Phone |
|
6. Email | |
7. Employment |
|
8. Education |
|
9. Account segment (for Telco and Utilities) |
|
We collect your personal information for different purposes. For example, we may use it in the following ways:
to communicate with you and internal parties, on a strict need to know basis, regarding your credit report inquires and/or complaints;
to update our consumer credit database;
to verify your identity;
to prevent fraud and unauthorized disclosures of your personal information;
to record and demonstrate how we have conducted the dispute and complaint resolution process and arrived at a resolution;
TUPH is committed to the principle that the knowledge and consent of the consumer are required for the collection, use or disclosure of personal information, except where authorized by law or as ordered by the court. All TransUnion subscribers must obtain and secure the consumer’s authorization to release information before they can share any information about a consumer to TUPH.
TUPH shall not use or disclose personal information for purposes other than those for which it was collected, unless (i) with the consent of the consumer, (ii) the sharing of information is pursuant to an agreement between the parties or (iii) as required by law or ordered by the court.
We use your data for the purpose of, but not limited to:
Furnishing Credit Reports and Scores;
Credit investigation;
Credit Reference Checks;
Update Our Consumer Credit Database;
Providing Fraud and Identity Verification services;
Delivering consumer information, lists, and other marketing products;
Providing Credit Decision Support Services;
We disclose the data to all TUPH subscribers or members, including but not limited to, banks, credit card companies, financial intermediaries, non-bank financial institutions, insurance companies, telecommunications companies, other utility companies, real estate developers, automobile dealers, health maintenance organizations, government financial institutions, and government owned or controlled corporations.
As a multi-national corporation, personal data so shared to TUPH may be processed, transferred to, used and stored on servers that may be located outside of the Philippines.
TUPH adheres to the local privacy regulation and retains personal information for as long as necessary for the fulfillment of the stated purposes herein. After which physical records shall be disposed of through shredding, while digital files shall undergo purge protocols.
The Data Subject has the following rights under Republic Act 10173 otherwise known as the Data Privacy Act of 2012:
Right to be informed – the data subject has the right to be informed whether personal data pertaining to him or her will be, are being, or were processed. The data subject should be notified by TUPH’s Subscribers and shall give his or her informed consent prior to the collection, processing, sharing and storing of his or personal data.
Right to object – the data subject has the right to object to the processing of his or her personal data, including processing for direct marketing, automated processing, or profiling. He or she should be given an opportunity to withhold consent in case of any amendment to the information supplied to the data subject under the right to be informed. The personal information controller (PIC) should not process the personal data without consent unless:
The personal data is needed pursuant to subpoena;
The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the data subject is a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the data subject; or
The information is being collected and processed because of a legal obligation.
Right to Access – the data subject has the right to reasonable access to, upon demand of the following:
Contents of his or her personal data that were processed
Sources from which personal data were obtained
Names and addresses of recipients of the personal data
Manner by which such data were processed
Reasons for the disclosure of the personal data to recipients, if any
Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the data subject
Date when his or her personal data concerning the data subject were last accessed and modified; an
The designation, name or identity, and address of the personal information controller
Right to erasure or blocking – the data subject has the right to suspend, withdraw or order the blocking, removal, or destruction of his or her personal data from the personal information controller’s filing system. This right may be exercised upon discovery and substantial proof of any of the following:
The personal data is incomplete, outdated, false, or unlawfully obtained;
The personal data is being used for a purpose not authorized by the data subject;
The personal data is no longer necessary for the purposes for which they were collected;
The data subject withdraws consent or objects to the processing of his or her information, and there is no other legal ground or overriding legitimate interest for the processing;
The personal data concerns private information that is prejudicial to data subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
The processing is unlawful; or
The personal information controller or personal information processor violated the rights of the data subject;
Right to damages – The data subject should be indemnified for any damages sustained due to such false, incomplete, outdated, unlawfully obtained, or unauthorized use of personal data, considering any violations of his or her rights and freedom as a data subject.
TUPH implements strict security measures that ensure the availability, integrity, and confidentiality of Personal Data, including but not limited to the implementation of reasonable and appropriate organizational, physical, technical, administrative, procedural and security measures to protect Personal Data against any loss, unauthorized use, access or disclosure and Security Breach as prescribed in the Data Privacy Act, its IRR, and circulars issued by the NPC.
If you have comments with regards to this Privacy Guidelines, you may reach TUPH through:
Via mail –
Data Protection Officer (DPO)
TransUnion Information Solutions, Inc.
19th Floor, Ayala Triangle Gardens Tower 2
Paseo de Roxas cor. Makati Avenue, Makati City
Philippines 1226
Via electronic email -
Email: dataprivacyph@transunion.com
Or call hotline – +63 2 8858-0426