Date Adopted: 30/04/2019
This privacy notice provides information about how we use and share personal data relating to users of our NMPR service. It covers the following topics:
We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. Some of the members of TU UK are listed in section 5 below.
The company which operates the NMPR service is Recipero Limited. Recipero Limited is a controller of the personal data that you provide us with through the NMPR service or if you contact us using the details below. This means that it is responsible for ensuring that the personal data is used fairly and lawfully.
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.
Operating the NMPR service and administering accounts
We use personal data to operate the NMPR service and administer the accounts of people who use it. For example, we hold username and password details in order to control access to the service.
Security and breach reporting
We monitor access to our products in order to help ensure that those products and the data they make available are only accessed by people who are authorised to have access to them. If we detect suspicious activity we may suspend an account and investigate.
Feedback to clients
Sometimes we share data with clients about how their members of staff are using our products - for example, how often their staff member is using a product or what they are using it for. Clients might typically ask for this information for routine product management purposes (such as to decide whether they need to continue buying the product), or for staff management purposes (for example, to check whether their staff are only using the products properly and in the course of their employment).
In some cases, such as where the information shows misconduct on the part of a client's member of staff, the information we give to clients might be used against the relevant staff member as part of a disciplinary process.
Monitoring and improving our products
We use information such as how different people use our products, how long they spend on particular tasks and what sort of information they obtain in order to help customise and improve the products.
This information is also used for security and system administration and to generate aggregate non-personalised information for use by us or our clients.
Product or systems development and testing
We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.
Legal and regulatory purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.
We obtain and use information from various different sources. These are summarised in the following table.
|Type of information||Description||Source|
|Basic information about you and how to contact you||This is information such as your name, email address and job title.||We obtain this information from you or your employer when we set up your account or when we are subsequently told that the information has changed.|
|Login credentials||This is your username, password and other information used to control access to the product.|
|Product usage||This is information about how and when you use the NMPR service. It includes information about the dates and times on which you accessed it, the IP address you accessed it from, and how you used the service when you were logged in.||We obtain this information by monitoring your use of the NMPR service.|
|Other information you provide||If you or another user adds any other information about yourself in the NMPR service, we will hold this information too.||We obtain this information from you or other users of the NMPR service.|
It is mandatory for you to provide us with your personal data in order for us to be able to provide our products correctly.
This section explains the basis on which we process your personal data in connection with the products.
The UK's data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn't outweighed by the impact it has on you. The law calls this the "legitimate interests" condition for processing personal data.
The legitimate interests we are pursuing are:
|Making our products and services available to clients||We need to make our products and services available to clients in order for our business to function.|
|Developing and improving our products||We have an interest in improving our products in order to help ensure that we remain competitive.|
|Monitoring and securing our systems and data||Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people.|
|Maintaining our relationships with our clients||We have an interest in developing and maintaining good relationships with our clients.|
|Commercial interests||Like any commercial organisation, we seek to earn revenue through the services that we provide to our customers and clients. We achieve this through some of the other activities described above, such as improving our products and maintaining good client relationships.|
Other users of our products and services
Our services are designed to help reunite individuals with their property if it is lost or stolen, to help prevent property from being resold by whoever has it, and to help the reporting property that has been found. In order to do this, we make information (including your identity and information about the property you have registered) to other users of our services, such as police forces and other law enforcement agencies.
Our group companies
We may share your personal data among the members of TU UK where necessary for the purposes specified in section 2. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of relevant TU UK companies is set out below, although the list may be updated from time to time.
|Group company||Main trading address||Registered office|
|TransUnion Information Group Limited (company no. 4968328)||One Park Lane, Leeds, West Yorkshire LS3 1EP||One Park Lane, Leeds, West Yorkshire LS3 1EP|
|TransUnion International UK Limited (company no. 3961870)|
|Recipero Limited (company no. 3794898)|
|Recipero, Inc (company no. 5542430)||720 S. Colorado Boulevard, Penthouse North, Denver, Colorado 80246, USA|
|TransUnion Baltics, UAB (company no. 302689020)||4th Floor, Zalgirio Arena, Karaliaus, Mindaugo pr. 50, Kaunas LT- 44333, Lithuania||Vilniaus m. sav . Vilniaus m. J. Jasinskio g. 16B, LT-01112, Lithuania|
As mentioned in section 2, we may supply information about your use of the product to your employer if they ask us to do so.
We may provide your information to third parties who help us use it for the purposes described in section 2. For example:
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner's Office or the Financial Conduct Authority.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.
We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in the European Union - currently the Netherlands, Lithuania and Spain - and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.
We also send information elsewhere in the world. For example:
While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.
We will keep your personal data for as long as you are a registered user of any of our products and may keep it for an additional period of time from when your account is closed. We keep the data for that additional period of time in case we need to respond to any enquiries from you, your employer or from any regulators.
We do not use automated decision-making or profiling to make any decisions that will significantly affect you.
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us by sending an email to email@example.com or by using the online system at https://support.recipero.com.
From 25 May 2018 you can also contact our Data Protection Officer firstname.lastname@example.org.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO's website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
You can disable any cookies already stored on your computer, but these may stop our website from functioning properly. To disable cookies please refer to the help information of the website browser of device that you are using.
The following is strictly necessary in the operation of on or both of the websites detailed above.
The websites will:
The following are not strictly necessary, but are required to provide you with the best user experience and also to tell us which pages you find most interesting (anonymously).
The websites will:
The websites will:
The websites will not: