Date Adopted: 19th February 2019
This privacy notice provides information about how we use and share personal data about users of the websites at www.immobilise.com, shop.immoblise.com, www.immobilize.net, www.reportmyloss.com, www.reportmyfind.com and www.checkmend.com (referred to below as the websites). It covers the following topics:
- Who we are and how you can contact us
- What we use personal data for
- What kinds of personal data we use, and where we get it from
- What our legal grounds for handling personal data are
- Who we share the personal data with
- Where the personal data is stored and sent
- How long the personal data is kept for
- Whether the personal data is used to make decisions about you or to profile you
- Your rights in relation to the personal data we hold about you
- Who you can complain to if you are unhappy about the use of your personal data
1. WHO WE ARE AND HOW YOU CAN CONTACT US
We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. Some of the members of TU UK are listed in section 5 below.
TU UK forms part of a larger group of companies. However, this privacy notice only covers the activities of TU UK.
The TU UK company which operates the websites is Recipero Limited. Recipero Limited is a controller of the personal data that you provide us with on the websites or if you contact us using the details below. This means that it is responsible for ensuring that the personal data is used fairly and lawfully.
2. WHAT WE USE PERSONAL DATA FOR
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.
Providing our websites and our products and services to you
We use personal data to provide you with products and services through our websites. This includes products and services such as:
- the property registration services, lost, stolen and found property reporting services, and property checking services that you can access by signing up on the websites;
- the property marking and anti-theft products available for purchase through the online shop at https://shop.immobilise.com.
This also includes contacting you about those services. For example, we may contact you by email or SMS message to let you know about significant changes to the services you have signed up for.
Other products and services for the prevention and detection of fraud and other crime
We will use your personal data in other products and services which are designed to help prevent and detect fraud and other crime. In particular:
- As part of the services, information is shared with police forces and other law enforcement agencies, as well as some private organisations. In each case, the purpose for which the information is shared is in order to help prevent and detect fraud, theft and other crime relating to our users and their property, or to reunite our users with their property.
- Personal data may also be included in other crime prevention and detection services offered by TU UK, particularly in relation to fraud and identity verification.
Prevention and detection of fraud and other crime
In order to detect or prevent fraud (for example, to ensure that no-one has fraudulently accessed your account or to confirm you have only entered information about yourself), we may use personal data from other sources to corroborate your details. We may use third parties to undertake these checks on our behalf.
We use personal data for marketing purposes. This includes showing you advertisements or otherwise informing you about products and services that we think may be of interest to you. These may relate to products and services offered by any current or future member of TU UK (see section 5) or any third party.
We will not sell your personal data to third parties for marketing purposes but we may use it to promote third parties’ products and services.
We will only make contact with you for marketing purposes by email, telephone, SMS or similar methods if you have given us your consent to do so, and we will only do it using the methods which you have specifically chosen. For example, if you have indicated that you only wish to receive marketing communications by email, then that is the only method by which we will contact you for that purpose. However, you might still be contacted for other purposes – for example, as part of our relationship management (see below) or if contacting you is part of the service we are providing you with.
You can adjust your marketing preferences in your account settings or (in the case of email) by clicking the “unsubscribe” link. Please note that you will continue to receive service messages.
We use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with you. This could include activities such as letting you know about product changes or planned maintenance activity, providing you with technical support or dealing with your enquiries.
Administering, monitoring and improving our websites
We use information such as how different people navigate around our websites, how long they spend on particular pages and whether they download any of our content in order to help customise and improve the user experience of our websites. It also allows us to tailor the website to match your interests and preferences better and helps us understand who has visited which pages to determine the most popular areas of the website.
This information is also used for security and system administration and to generate aggregate non-personalised information for use by us, our business contacts, selected third parties, sponsors or advertisers (such as anonymous statistics related to the take up or use of services, or to patterns of browsing).
Product or systems development and testing
We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.
Legal and regulatory purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.
The information you give us may be combined with other information about you that is obtained from other sources, and the combined data may be used in accordance with this privacy notice. For example:
- The information you give us may be compared with data available elsewhere to verify your identity or validate the information you have provided (for example in the context of anti-fraud measures).
- Anonymised information about you may be combined with information about your devices (or cookies placed on your devices) to improve the quality and relevance of advertising material on websites you visit.
3. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM
We obtain and use information from various different sources. These are summarised in the following table.
|Type of information||Description||Source|
Name and contact details
This is basic personal data about you, and how to get in touch with you.
This information is usually provided directly by you, typically through our websites.
Other information you provide in connection with the services
This is information you provide us in connection with the services we provide to you. For example, if you use our property registration service, this includes information about the items of personal property that you have registered on the websites, including a description of the property together with identifying details such as serial number.
This is information about what products and services you have subscribed to or bought, when you bought them and, if applicable, how much you paid for them.
We produce these records ourselves.
This is information about our contact with you. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails or clicked on a link.
This is information about the device you are using to access our websites, such as the type of device, its operating system, browser, IP address, screen resolution and what cookies are on it.
We produce these records ourselves by monitoring your use of our websites.
Third party data
This information that we obtain about from third parties and associate with you or your devices. For example, we obtain mobile device blacklist data and link it to IMEI numbers on our database, and we may obtain demographic information to help us understand our customers.
We may obtain this data from various different data suppliers.
You are free to choose whether or not you give us your personal data. However, if you are signing up to one of our products or services we might not be able to provide you with that product or service if you do not give us the information we need in order to do so.
4. WHAT OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA ARE
This section explains the basis on which we process your personal data in connection with the websites.
Performance of our contract with you
When you sign up to the websites, or purchase a product from the websites, we agree to provide you with products and services as set out in the Terms & Conditions for the relevant website. We need to use some of your personal data in order to be able to provide you with those products and services. For example, we need to know what services you have signed up for, and we need to process your credit or debit card details in order to take payment from you for any paid-for products.
We rely on your consent for sending you marketing materials by email, telephone, SMS or similar methods. You can give or withhold consent when you first sign up on the websites, and you can subsequently withdraw your consent through your account settings or (in the case of email) by clicking the “unsubscribe” link.
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are pursuing are:
Understanding and keeping in touch with our customers
We have an interest in understanding what kinds of people use our products and services and how they use them. We also have an interest in keeping in touch with them, for example in order to keep them up to date with the products and services we provide to them.
Monitoring and securing our systems and data
Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people.
Like any commercial organisation, we seek to earn revenue through the services that we provide to our customers and clients.
5. WHO WE SHARE THE PERSONAL DATA WITH
Other Recipero customers
Our services are designed to help reunite you with your property if it is lost or stolen, to help prevent your property from being resold by whoever has it, and to help you report property that you find. In order to do this, we make your information (including your identity and information about the property you have registered) to people who use our theft prevention and device checking services, such as police forces and other law enforcement agencies, insurers, retailers and other organisations who need access to it for those purposes.
Our group companies
We may share your personal data among the members of TU UK. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of relevant TU UK companies is set out below, although the list may be updated from time to time.
|Group company||Main trading address||Registered office|
Transunion Information Group Limited
(company no. 4968328)
With effect from 30 April 2019, this company’s legal name will be TransUnion Information Group Limited.
One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited
(company no. 3961870)
With effect from 30 April 2019, this company’s legal name will be TransUnion Information Group Limited.
(company no. 3794898)
(company no. 5542430)
720 S. Colorado Boulevard, Penthouse North, Denver, Colorado 80246, USA
TransUnion Baltics, UAB
(company no. 302689020)
4th Floor, Zalgirio Arena, Karaliaus, Mindaugo pr. 50, Kaunas LT- 44333, Lithuania
Vilniaus m. sav . Vilniaus m. J. Jasinskio g. 16B, LT-01112, Lithuania
We may provide your information to third parties who help us use it for the purposes described in section 2. For example:
- Our database of personal data may be hosted by third parties on our behalf.
- We use a third party email broadcasting service in order to send you service emails or SMS messages or (if you have agreed to receive them) marketing emails.
- We use payment service providers in relation to any payments you make.
- We might use market research companies to help us better understand our customers.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
Online advertising platforms
We may use third party advertising platform providers such as Google to serve advertisements to you. These third parties may use information about your visits to these and other websites in order to provide you with advertising about products and services that may be of interest to you.
Sometimes we may provide information associated with you to third parties who operate other websites (such as social media platforms) so that we can show you relevant advertisements while you are using those websites. This information will be protected so that you can only be identified if the third party already knows you – the information we provide only tells them that you are a user of our websites.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.
6. WHERE THE PERSONAL DATA IS STORED AND SENT
We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in the European Union – currently the Netherlands, Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.
We also send information elsewhere in the world. For example:
- We hold a copy of our databases in the United States.
- Sometimes another group company or branch office based overseas may need to use the data in accordance with this privacy notice.
- Some of our clients and customers are overseas and will get access to personal data in the course of the services we provide to them.
- We may use cloud-based technology or a data centre or backup facility overseas, and people in other countries may also need to access data for purposes such as technical support or system development and testing.
While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
- Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection. One example is the “Privacy Shield” scheme that has been agreed between the European and US authorities.
7. HOW LONG THE PERSONAL DATA IS KEPT FOR
We will keep your personal data for as long as you are a registered user of any of the websites and may keep it for an additional period of time from when your account is closed. We keep the data for that additional period of time in case we need to respond to any enquiries from you (for example, if you have any questions about the amount we have billed you for any products you buy) or from any regulators.
We may close your account if you do not use it for a long time, and you can close your account at any time by contacting us using the details in section 1 above. For more information about this, please see the Terms & Conditions for the relevant website.
8. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU
We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.
Account management and marketing
If you do not use your account for a long time we may automatically categorise you as a dormant user. While you are classed as a dormant user we may attempt to reengage with you, for example by sending you messages reminding you about your account and warning you that if you do not use the account it may be closed.
We may also categorise you alongside other data subjects so that we can tailor advertisements for particular groups of people at the same time.
9. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.
- Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
- Withdrawal of consent: When we rely on your consent to use your data (see section 4 above), you have the right to withdraw that consent at any time. You can do this by contacting us, or through your account settings or (in the case of marketing emails) by clicking the “unsubscribe” link.
- Objection to direct marketing: You have the right to object to us using your personal data for direct marketing purposes. If you do this we will stop using it for those purposes.
With effect from 25 May 2018 you also have the following rights:
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
- Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
- Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
- Portability: You have the right to receive some limited kinds of information in a portable format.
10. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us by sending an email to firstname.lastname@example.org or by using the online system at https://support.recipero.com.
From 25 May 2018 you can also contact our Data Protection Officer at email@example.com.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.