Privacy Hub
Equifax Credit Reference and Related Services Privacy Notice
This privacy notice explains how Equifax processes personal data relating to its myEquifax products and services (e.g. Credit Report and Score, WebDetect and Social Scan) and users of the Equifax website. These processing activities usually relate to personal data that has been collected directly from the individual or from the individual’s direct use of myEquifax products and services, as well as the Equifax website.
Last updated: December 2024
You will know us as Equifax but our legal name is Equifax Limited (“Equifax”, “we”, “our” and “us”). We’re committed to protecting the privacy of individuals whose personal data we are processing.
This Equifax Credit Reference and Related Services Privacy Notice (“Notice”) describes how and why Equifax uses personal data relating to:
- our core UK credit reference, fraud prevention and related services: and
- marketing services.
Equifax is a “Controller” of your personal data, which means that we make decisions about how and why we process it. As a Controller, we’re responsible for making sure that it’s processed in accordance with data protection laws.
Equifax’s core activities are ‘credit referencing’ and ‘fraud prevention’. You should read this Notice to understand what we are doing with your personal data, including our lawful basis for processing it, who we share it with and your rights in relation to it. “Personal data” is any information that relates to a living identifiable person. Your name, address and contact details are all examples if they identify you. To “Process” means any activity relating to personal data, including its collection, storage, transfer or other use.
Together with the other main credit reference agencies (“CRAs), TransUnion and Experian, we have drafted a separate privacy notice, called the Credit Reference Agency Information Notice (CRAIN), which explains how CRAs commonly use and share personal data about you and/or your business. This personal data is part of, derived from or used in credit referencing and fraud prevention activities.
We also make available other privacy notices which relate to specific Equifax products or services, or other Equifax group companies. These apply in conjunction with this Privacy Notice, so please ensure that you read every relevant notice. Our privacy notices include:
Privacy Notice | Processing Activities |
Equifax Credit Reference and Related Services Privacy Notice (THIS NOTICE) | This privacy notice explains how Equifax processes personal data as part of its core credit reference agency (CRA) activities. These processing activities often relate to personal data that has not been collected directly from the individual. |
This privacy notice explains how Equifax processes personal data relating to its myEquifax products and services (e.g. Credit Report and Score, WebDetect and Social Scan) and users of the Equifax website. These processing activities usually relate to personal data that has been collected directly from the individual or from the individual’s direct use of myEquifax products and services, as well as the Equifax website. | |
This privacy notice, produced with Experian and Transunion (the other key CRAs), explains how personal data is processed for core credit referencing activities. This often relates to personal data that has not been collected directly from the individual. | |
This privacy notice explains how Equifax’s group company, TDX Group Limited, processes personal data to support clients with debt management and recovery. | |
This privacy notice explains how Equifax’s group company, Consents Online Limited, processes personal data to provide clients with access to consumer transaction data held within payment accounts. This is known as open banking. | |
This privacy notice describes how and why Equifax processes personal data to administer our Workforce Solutions database and related services. |
- Equifax also provides other related services, listed below with the relevant information provided within this Notice:
- Marketing Services (see Section 10.) - Equifax uses personal data to help clients with their marketing activities, e.g. to help ensure responsible lending by removing individuals from marketing lists where the financial services being offered are inappropriate to the individual’s circumstances, or to advise clients when individuals have moved address, updated their marketing preferences or have died.
- Segmentation and profiling (see Section 8.) - the generation of a ‘credit score’ is a type of profiling. Equifax also uses personal data to analyse, segment and profile sections of the population, e.g. by age range or geographic area.
We understand that Equifax’s processing activities are complex and that the language used in relation to our activities is sometimes difficult to understand. We have tried to explain things as simply as possible throughout this Notice, however to assist further we have put together a Privacy Glossary which provides more information about some of the terms used throughout this Notice. Whenever you see a word highlighted like this, you can click through to our Privacy Glossary to learn more.
CONTENTS:
- How can you contact us?
- How do we use your personal data?
- What types of personal data do we process and where do we get it?
- What is our lawful basis for using your personal data?
- Who do we share your personal data with and why?
- Where in the world is your personal data processed?
- How long do we keep your personal data?
- Does Equifax make decisions about you or profile you?
- What are your rights in relation to your personal data?
- Equifax’s Marketing Services
- Who can you complain to if you are unhappy about the use of your personal data?
- Where can you find out more?
1. HOW CAN YOU CONTACT US?
You can contact us by:
- Post: Equifax Limited, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS.
- Website: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions
- Equifax Online Help: www.equifax.co.uk/ask
- Phone: 0333 321 4043 or 0800 014 2955
Equifax has a dedicated Data Protection Officer (DPO) who can be contacted by:
- Post: Equifax Limited, Data Protection Officer, PO Box 10036, Leicester, LE3 4FS.
- Email: UKDPO@equifax.com
2. HOW DO WE USE YOUR PERSONAL DATA?
As one of the UK’s biggest CRAs, we are regulated by the Financial Conduct Authority (“FCA”) and authorised to conduct business as a CRA and a credit broker. To provide our services, we hold detailed UK consumer and business data, which enables us to provide insights into the behaviours and drivers behind the economy, helping our clients drive their businesses forward, and consumers and businesses access the products and services they can reasonably afford.
The role of a credit reference and fraud prevention agency (such as Equifax) is very complex, relying on a number of different uses of your data. To help you understand how and why we use your data, we have summarised our primary uses of your personal data below. We have also produced an example data journey, which illustrates how your data would typically flow from you to Equifax, and who we may share it with.
If you would like more information about what categories of personal data we use, where we obtain your data and more specifically how we process it (including our lawful basis), please read on or contact us using the contact details above.
Summary of personal data use:
Click to skip to the following:
- Credit reference agency (CRA) processing
- Fraud prevention agency (FPA) processing
- Marketing Services
- Consumer products and services
- Open banking services
- Biometric identity verification
- Business data processing
- General information services processing
(a) CREDIT REFERENCE AGENCY PROCESSING
As a CRA, we receive personal data about you that is part of, derived from or otherwise used in credit activity.
Example:
|
The information we receive and process in relation to your credit activity is used by Equifax and our clients in ‘credit referencing activities’, which include:
- Credit reporting and affordability checks (for example, information related to your financial circumstances guides lenders as to whether to accept your application for a loan or credit card)
- Verifying data like your identity, your age, where you live, and preventing and detecting criminal activity, fraud and money laundering
- Tracing your whereabouts to assist in the return of money you are owed or to reclaim debt that you owe
- Statistical analysis, including profiling of either you as an individual (for example, to generate a ‘credit score’) or a group of people (for example, the general financial circumstances of a region or city)
Please refer to the CRAIN for more information.
(b) FRAUD PREVENTION AGENCY PROCESSING
Equifax is a FPA and member of Cifas, a not-for-profit fraud prevention service. This means we collect, maintain and share data about known and suspected fraudulent activity. Where Equifax identifies potential fraud, it may share that information with Cifas so that other Cifas members can access it. This enables them to perform additional checks when (for example) a credit application is made in your name. If fraud is detected, you could be refused certain services, finance or employment.
Please refer to Cifas’ Fair Processing Notices for more information.
How data is used by Equifax as a fraud prevention agency
In order to flag, prevent and monitor fraudulent (or suspected fraudulent) activity, we may supply the data received from our clients about you, your financial associates and your business (if you have one) to other organisations (please see SECTION 5 - WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY for more information). This may be used by these organisations and other FPAs and CRAs to:
- Prevent crime, fraud and money laundering by, for example;
- checking details provided on applications for credit and credit related products and services
- managing credit and credit related accounts or products or services
- verifying details provided as part of insurance underwriting and the pricing of insurance policies, and assessment of insurance risk including insurance claims
- checking details on applications for jobs or as part of employment
- Verify your identity if you or your financial associate applies for facilities including all types of insurance and where a claim is made
- Trace your whereabouts to assist in the return of money you are owed or to reclaim debt that you owe
- Conduct other checks to prevent or detect fraud, as permitted by law
- Undertake statistical analysis and system testing
(c) MARKETING SERVICES
Equifax will use some of the data it holds about you to assist clients with their marketing activities. The data that is available for such use is limited, and we restrict the use of your data by our clients to only certain marketing activities summarised below, with further details provided in SECTION 10 - EQUIFAX’S MARKETING SERVICES.
In any event, you have control of whether or not your data is used for marketing activities, and if you would prefer that it is not used for such activities, you have a right to object (please see SECTION 9.4 for more details).
The relevant information and the services we provide are summarised as follows:
- Financial Pre-Screening - To help promote responsible lending, avoid consumer overindebtedness and uphold the ‘Consumer Duty’ applicable to certain regulated firms, Equifax will use negative credit payment, search history, and public derogatory data (such as the presence of county court judgments (CCJs)) to help clients that are entitled to receive the data to remove individuals from financial marketing campaigns where the service would not be appropriate to the circumstances of the individual. Credit related data may also be used to confirm residency at an address.
- Suppression - To help avoid marketing being sent to the wrong address, to individuals that have died or who are under 18 or who have objected to the use of their data for marketing purposes, Equifax will identify to its relevant clients when potential recipients of client marketing appear to have died, moved address, are under 18 or have raised an objection to being marketed to.
- Customer marketing - To help promote responsible lending and avoid consumer overindebtedness, Equifax’s clients entitled to receive such data, may access credit payment and search history of their customers so that they can send marketing that is appropriate to the financial circumstances of the individual. Our clients must comply with their own legal obligations when conducting these searches with Equifax, making use of the data and sending marketing, including providing information to you about it and obtaining consent where necessary.
- Open register supply – Equifax makes available to clients information made available from the open electoral register, which is the version that is available to anyone who wants to buy a copy. It only includes the details of individuals who have not ‘opted-out’ of being on the open register. Further information can be found on the government website here.
- Mover information – Equifax identifies properties that are likely to have been subject to a recent change of occupancy, and shares this information with clients who may use it to send marketing materials or display more relevant advertising to that address or the occupier (for example, offers to install or migrate broadband).
- Aggregated data insights - Equifax aggregates and anonymises data, which is made available to clients for a variety of uses, including to inform their marketing activities. For example, an analysis of the general financial strength of a town, city, postcode or other area may influence what marketing is conducted by our client in that area.
Please note that SECTIONS 3 to 9 below do not specifically include or refer to the Marketing Services provided by Equifax as all relevant information is included in SECTION 10 - EQUIFAX’S MARKETING SERVICES.
(d) CONSUMER PRODUCTS AND SERVICES
We will use your personal data when providing our products and services to you directly, for example:
- Credit Score and Report – using the data held on our database, we calculate your credit score and can provide a report explaining what factors have impacted that score.
- WebDefend – using the details you provide to us (such as email address, telephone number and credit/debit card details), we identify and monitor potential instances of fraud by cross checking your data to that shown on websites used by fraudsters to trade personal data.
These services can be obtained through our website www.equifax.co.uk (the “Website”).
Processing of your personal data collected either via the Website or through provision of our consumer products and services is explained in the MyEquifax and Website Privacy Notice.
(e) OPEN BANKING SERVICES
Equifax and its group company Consents Online Limited (“ConsentsOnline”) may also use personal data about you when we provide our open banking services.
These services involve you granting permission to Equifax and ConsentsOnline to access “Transaction Data” listed on a payment account held by you. Transaction Data includes balance, overdraft or credit limit, and incoming and outgoing transactions, including the amount and description of transaction.
We will then share your Transaction Data, together with any analysis of it that we may have created, to our client i.e. the organisation that you have authorised to receive it (an “Approved Recipient”).
The Approved Recipient will then typically use the Transaction Data and any analysis to assess your financial circumstances or provide other services which you have requested.
For more information about how we process your personal data in relation to our open banking services, please refer to the Equifax and Consents Online Open Banking Privacy Notice.
(f) BIOMETRIC IDENTITY VERIFICATION
Equifax may collect biometric information about you when we perform identity verification for compliance due diligence purposes or when we provide identity verification services via our identity verification partner, Mitek, which will involve submitting photos of yourself and your photo identification.
If you decide to use this service via one of our clients, Equifax may process information about face geometry and related biometric information derived from the photos and other information (including information from your driving licence/passport) that you submit to us for the purpose of providing identity verification services.
(g) BUSINESS DATA PROCESSING
Personal data about individuals in their role as owners, directors, and employees of UK businesses may also be obtained and processed by Equifax, and shared with clients or other CRAs for activities including:
- Credit reporting and affordability checks (for example, information related to your financial circumstances guides lenders as to whether to accept your application for a loan or credit card)
- Verifying business information and preventing and detecting criminal activity, fraud and money laundering
- Tracing your whereabouts to assist in the return of money you are owed or to reclaim debt that you owe
- Statistical analysis, including profiling of either you in a business capacity (for example, to generate a ‘credit score’) or a group of people (for example, the general financial circumstances of a region or city)
For further information please refer to the Business Information Providers Association.
(h) GENERAL INFORMATION SERVICES PROCESSING
In order to provide our services to clients and individuals, we need to undertake certain general background operational processing of your personal data, as follows:
- Data loading - data supplied to Equifax is checked for integrity, validity, consistency, quality and age to ensure it is fit for purpose. These checks pick up things like irregular dates of birth, names, addresses, account start dates, and gaps in payment status history.
- Data matching - data supplied to Equifax is matched to the data held on our existing databases to help make sure it is assigned to the right person, even when there are discrepancies like spelling mistakes or different versions of a person’s name. Where permitted, Equifax uses the personal data individuals have provided to its clients, together with data from other sources, to create and confirm identities, which are used to underpin the services Equifax provide.
- Data linking and financial associates - as Equifax compiles data into its databases, we create links between different pieces of data. For example, people who appear financially associated with each other may be linked together, and addresses where someone has previously lived can be linked to each other and to that person’s current address.
- Systems and product development/testing - data may be used to help support the development and testing of new products and technologies.
- Legal compliance and general record keeping – we will process data where required by law (for example, to comply with our requirements as a FCA regulated business, such as verifying the identity of our client’s directors) and may retain data where necessary for record keeping, tax compliance and to defend against claims.
3. WHAT TYPES OF PERSONAL DATA DO WE PROCESS AND WHERE DO WE GET IT?
To enable us to operate as a CRA and FPA, it is necessary for us to collect and store numerous types of data about you.
We typically do not have a direct relationship with you (except where you receive products or services from us,or communicate with us directly), so we obtain this data from numerous sources, including directly from publicly available materials (for example, the electoral roll and published CCJs) or from our clients (for example, where a lender provides information about you so that we can conduct a credit check).
Equifax typically acts as a controller in relation to the data it receives from clients, including where the information we receive is used to match against or is appended to records we already hold in our database (for example, addresses linked to you or your credit data).
All the CRAs rely on similar types of data to provide their core credit, anti-money laundering, identification and fraud services. Details of the types, description and source of information common to all three main CRAs (including Equifax) can be found in the CRAIN.
We have also set out the key categories of data that we collect about you and where we obtain this information, in the below table:
| CATEGORY OF DATA | TYPE OF PERSONAL DATA | WHERE COLLECTED* |
|---|---|---|
| Identifiers | Full name |
|
| Residential address (current and previous) |
| |
| Time at address |
| |
| Date of birth |
| |
| Telephone number |
| |
| Email address |
| |
| Alias |
| |
| Financial Accounts and Repayment Data | Credit agreements (including balance, payment history and term) |
|
| Closed / settled accounts |
| |
| Instances of default |
| |
| Current account turnover data (“CATO”) |
| |
| Court Judgments, Decrees and Orders | County court judgments |
|
| Bankruptcies |
| |
| Individual Voluntary Arrangements (“IVAs”) |
| |
| Debt relief orders |
| |
| High Court data (liquidations, receiverships, etc.) |
| |
| Searches (these are searches that lenders and clients may make in relation to you, when you apply for services, for example) | Credit searches |
|
| Debt collection searches |
| |
| ID checks |
| |
| Application Data (this is information which is sent to Equifax as part of a search when you conduct an application for credit) | Name |
|
| Residential address (current and previous) |
| |
| Email address |
| |
| Telephone number |
| |
| Declared income |
| |
| Derived or Created Data | Credit score |
|
| Linked addresses (additional addresses that have been associated with you such as a previous address) |
| |
| Linked companies (where a director or owner) |
| |
| Attributes and characteristics |
| |
| Biometric Information | Copies of photo identification |
|
| Other Data | Instances of actual or potential fraud |
|
| Sanctions, Politically exposed persons and SIP/SIE’s |
|
*Please note:
- The majority of data is derived from multiple sources. We have therefore listed key examples.
- Personal data may refer to you as an individual or in your capacity as a director, shareholder or business proprietor.
In addition to the above categories, we also process the following data relating to residential addresses:
- whether it is likely to have been subject to a recent change of occupancy or it is available for sale or rent (we call this “Mover Data”), which we store and make available to clients so that they can (for example) ensure the occupier of the property is updated on how to migrate or obtain products and services (such as broadband); and
- postcode level data (“PLD”), such as the percentage of households in a postcode with one adult present. This is information relating to a particular geographic area (and is therefore not always ‘personal data’ because it doesn’t relate to an identifiable individual). Please be aware that some of our clients may link PLD with you based on the area in which you live. When they do so, the combined data processed by our clients is likely to be considered your personal data.
4. WHAT IS OUR LAWFUL BASIS FOR USING YOUR PERSONAL DATA?
We are required by data protection laws to always have a “lawful basis” (i.e. a reason or justification) for processing your personal data. The below sets out the relevant lawful bases that Equifax relies on.
Please note that where we have indicated that our use of your personal data is either necessary for us to comply with a legal obligation or necessary for us to take steps to enter into a contract with you (or to perform our obligations in an existing contract), we may not be able to enter into or continue our contract or engagement with you, if you choose to not provide the relevant personal data.
Legitimate interests
The UK’s data protection laws allow the use of personal data where the processing is necessary for a legitimate interest pursued by us or a third party, and this interest is not outweighed by the interests, fundamental rights or freedoms of data subjects. This is known as the ‘legitimate interests’ condition for personal data processing.
Where Equifax processes your personal data in our function as a CRA and FPA, we rely on our legitimate interests and those of our clients, which include:
- Promoting responsible lending and helping to prevent over-indebtedness
- Helping prevent and detect crime and fraud, supporting anti-money laundering services and verifying identity
- Supporting tracing and collections
- Complying with and supporting compliance with legal and regulatory requirements
Please refer to the CRAIN for more information.
Contract
The UK’s data protection laws allow the use of personal data where it is necessary for the performance of a contract with you.
We provide some of our services directly to individuals (for example, you may subscribe to receive your Equifax Credit Report and Score, as described in the MyEquifax and Website Privacy Notice). Where we process your personal data to provide you with these services, our processing will be both because it is in our legitimate interests and also because it is necessary to comply with our contractual obligations to you, as an Equifax customer.
Legal obligation
The UK’s data protection laws allow us to process personal data where it is necessary for compliance with law.
There are many situations where legal obligations may arise, but those most likely to impact our business and result in the processing of your personal data are:
- Where we are required to hold or share your personal data in compliance with FCA regulations and permissions.
- Where a crime is suspected (including fraud or money laundering) and we are required to make appropriate notifications or assist with investigations.
- Where we are required to comply with the instructions of a regulator, court or law enforcement agency.
- To maintain records required by law or to evidence our compliance with laws.
Consent
The UK’s data protection laws permit controllers to process personal data where you have consented to it.
We typically do not rely on consent to process your personal data, except in relation to certain marketing activities and other occasional isolated circumstances. In these circumstances, we will explain to you why we need your consent and capture your specific consent via a relevant consent form or similar document.
In relation to the processing of biometric data, we will, via our clients, provide a clear written consent statement explaining the processing activities associated with this data.
5. WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?
As a CRA and FPA, we are required to share your personal data with certain third parties (for example, our clients), who may request information about you to assess your suitability for a loan or other products.
Where an organisation uses Equifax services, there will usually be information available via a website or at point of application or service to explain that the organisation may check your data with a CRA or FPA (for example to undertake identity verification and fraud checking). Some organisations have the ability to compel CRAs, by law, to disclose certain data for certain purposes.
Where we do share your personal data, we have measures in place to ensure access is strictly limited to the intended recipient(s). For example, before we share data with any other organisation, we check that organisation’s identity, location and, where applicable, confirm any necessary legal registrations.
The below sets out the different types of recipients we share your personal data with.
Members of the Equifax credit data sharing arrangement
Each organisation that shares Financial Accounts and Repayment Data with Equifax is also entitled to receive similar financial data shared by other organisations. These organisations are typically banks, building societies, and other lenders, as well as other credit providers like utilities companies and mobile phone providers.
Fraud Prevention Agencies (FPAs)
If Equifax reasonably suspects that fraud has been or might be committed, it may share data with FPAs. These FPAs collect, maintain and share data on known and suspected fraudulent activity. Equifax and some other CRAs also act as FPAs. Equifax shares information with the major fraud prevention agency in the UK, Cifas, who can be contacted here.
Debt Collection Agencies (DCAs)
Equifax uses credit reference data to provide products and services for ongoing relationship and account management activities. It may share this data with Debt Collection Agencies if an individual has fallen into arrears, and is going through a debt collection process.
Resellers/Distributors
Equifax has arrangements with other organisations to enable them to supply Equifax services to their own clients. In these circumstances, Equifax will disclose personal data to resellers and distributors, and those resellers and distributors will either operate as independent controllers or as data processors for and on behalf of the relevant end client. Details of our primary resellers are shown here and will be updated as appropriate:
| COMPANY DETAILS | DESCRIPTION OF SERVICES |
|---|---|
| GB Group plc (‘GBG’) https://www.gbgplc.com/products-services-privacy-policy/ |
|
| LexisNexis Risk Solutions https://risk.lexisnexis.co.uk/ |
|
| Iovation Inc. www.iovation.com |
|
| Sagacity Solutions Limited www.sagacitysolutions.co.uk |
|
| Jumio UK Limited www.jumio.com |
|
| BAE Systems Applied Intelligence Limited www.baesystems.com/en/cybersecurity/home |
|
| CoCreate Design and Marketing Limited www.cocreatedesign.com |
|
| Synectics Solutions Limited www.synectics-solutions.com |
|
| Fair Isaac Services Limited www.fico.com |
|
| Threatmetrix Inc. www.threatmetrix.com |
|
Other organisations
Some data, where permitted by industry rules or where it is public information, can be shared with other organisations that have a legitimate use for it, for example, ID verification services.
Public bodies, law enforcement and regulators
The police and other law enforcement agencies, as well as public bodies like local and central authorities and Equifax’s regulators, can sometimes request that Equifax supply them with personal data. This can be for a range of purposes such as preventing or detecting crime, fraud, apprehending or prosecuting offenders, assessing or collecting tax or investigating complaints.
Equifax Group Companies
Equifax shares personal data with other companies within its group where required for the administration of products/services, IT back office and software support purposes. Group companies include: Equifax Inc. Equifax Commercial Services Limited, Equifax Consumer Information Services LLC, Equifax Chile and Equifax Costa Rica (“Equifax Group”).
We also provide services to some group companies (such as TDX Group Limited and Consents Online Limited) to enable those group companies to provide services to their clients.
Processors
Equifax uses other trusted organisations to perform tasks on its behalf. The following shows the countries of operation for listed services:
| SERVICE CATEGORY | COUNTRY(S) OF OPERATION (See section 6. for more information on Equifax overseas processing) |
|---|---|
| IT infrastructure and operations software support | UK & India |
| IT back office business process software support | India |
| IT back office helpdesk service support | India |
| IT service management support | UK & US |
| Customer call centre services | UK & Philippines |
| Customer call centre support services | US |
| Processing administration services | India |
| Telephone support services | UK |
| Printing and mailing house services | UK |
| Merchant payment processor for customer payments | Ireland |
| Cloud services provider | UK & US |
| Identity and fraud prevention service provider | Ireland, US & Costa Rica |
| Marketing communication services | UK |
| Confidential Waste Services | UK |
Many of these services are provided by companies within the Equifax Group:
| EQUIFAX GROUP COMPANY DETAILS | COUNTRY(S) OF OPERATION (See section 6. for more information on Equifax overseas processing) | DESCRIPTION OF SERVICE |
|---|---|---|
| Equifax Inc. | US | Administrative support, IT and Security back office software support, software development and cloud disaster recovery |
| Equifax Commercial Services Limited | Ireland | Customer call centre and complaints handling services |
| Equifax Consumer Services LLC | US | Website portal services |
Individuals
People are entitled to obtain copies of the personal data Equifax holds about them. You can find out how to do this in SECTION 9.
6. WHERE IN THE WORLD IS YOUR PERSONAL DATA PROCESSED?
Equifax Limited is a UK based company and the majority of our processing of your personal data takes place in the UK. All information and personal data processed by Equifax is stored on encrypted servers at secure physical locations (whether these be our own servers or those of cloud service providers that we use; Google data centres based in the UK with backups in the EU). Equifax has internal policies and controls in place to keep personal data secure and minimise the risk of it being lost, misused, disclosed or accidentally destroyed.
Equifax Limited is part of a global group of companies, therefore your personal data may be transferred to other group members outside of the UK and/or the European Economic Area (EEA). In addition, some of our service providers may have processing operations in other jurisdictions.
While data protection laws in some jurisdictions may not provide the same level of protection to your personal data as it is provided under UK data protection laws, Equifax takes steps to ensure the appropriate protections are in place before knowingly transferring personal data outside of the UK/EEA. Details of Equifax’s main data processors and where they operate can be found above in SECTION 5.
EU-U.S. and the UK Extension to the EU-U.S. Data Privacy Frameworks
Equifax Inc. and its U.S. subsidiary Kount Inc. (together, “Equifax US“) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Equifax US has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF. Equifax US adheres to the EU-U.S. DPF Principles for consumer data. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view the Equifax certification, please visit the DPF’s website here.
Details regarding the collection, purpose, and storage of your data, as well as information regarding the use of third parties to perform services on our behalf may be found within this Privacy Notice. In the context of an onward transfer, Equifax has responsibility for processing personal data it receives under the DPF and subsequently transfers to a third party for external processing. If personal data received under the DPF is transferred to a third party, the third party’s access, use, and disclosure of personal data must also be in compliance with our DPF obligations, and we will remain liable under the DPF for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.
If you have a question or complaint related to participation in the DPF, we encourage you to contact the Data Protection Officer using the contact details provided in Section 1. How Can you Contact Us?. Please reference “Data Privacy Framework” when contacting us about the DPF. For any complaints related to the DPF that Equifax cannot resolve directly, we have chosen to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, and the UK Information Commissioner’s Office (ICO) for resolving disputes with UK individuals. As further explained in the DPF Principles, binding arbitration is available, under certain conditions, to address residual complaints not resolved by other means. Individuals seeking additional information can visit the DPF Annex I for more information. Equifax US is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) and may be required to disclose personal data handled under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Identifiers
Identification data, like names and addresses, is kept for as long as we need to keep it. This need is assessed on a regular basis, and data that’s no longer needed for any purpose will be disposed of.
A list of retention periods for key data sets that we process is available in the CRAIN, some of which has been summarised below:
Financial Accounts and Repayment Data
Data about live and settled accounts is kept on credit files for six years from the date they’re settled or closed. If the account is recorded as defaulted, the data is kept for at least six years from the date of the default.
Court Judgments, Decrees and Administration Orders
Generally, court judgments and other decrees and orders are kept on credit files for six years from the date of the judgment, decree or order. However, they can be removed if the debt is repaid within one calendar month of the original date or if the judgment is set aside or recalled by the courts.
Bankruptcies, IVAs, debt relief orders and similar events
Data about bankruptcies, IVAs and other insolvency-related events and arrangements are usually kept on credit files for six years from the date they begin. This period is extended if they last longer than six years. Some data, such as a bankruptcy restrictions order, can also remain on the credit file for longer than six years.
Although the start of these events is automatically reported to Equifax, the end (such as a discharge from bankruptcy or completion of an IVA) might not be. It is for this reason that we advise you to contact us (see contact details above) and the other CRAs when this happens, to make sure that credit files are updated accordingly.
Search footprints
Equifax keeps most search footprints for at least one year from the date of the search, although we keep debt collection searches for up to two years.
Derived or created data
Equifax also creates data, and generates links and matches between data. For example, Equifax keeps address links and aliases for as long as they’re considered relevant for credit referencing and other valid purposes.
Links between people are kept on credit files for as long as we believe those individuals continue to be financially connected. When two people stop being financially connected, either person can contact us and ask for the link to be removed. We will then follow a process to check the people are no longer associated with each other and then update our records accordingly.
Other data
Other third party supplied data, such as politically exposed persons (PEPs) and sanctions data, and mortality data, will be stored for a period determined by criteria such as what has been agreed in the contract.
Archived data
Equifax holds data in an archived form for longer than the periods described above, for things like research and development, analytics and analysis, (including refining lending and fraud strategies, scorecard development and other analysis such as loss forecasting), for audit purposes, and for the establishment, exercise or defence of legal claims. The criteria used to decide the appropriate storage period will include the legal limitation of liability period, agreed contractual terms, regulatory requirements and industry standards.
8. DOES EQUIFAX MAKE DECISIONS ABOUT YOU OR PROFILE YOU?
It’s a common misconception that CRAs use your personal data to ‘decide’ whether or not a lender should provide you with credit or other services. This is not the role of a CRA.
Equifax will collect and combine personal data about you to generate a ‘picture’ of you (for example, your financial circumstances). This is a form of profiling. Where permitted by law, Equifax will then share this profile of you with our clients (for example, banks and other lenders) who will use it to make their own decisions about you.
Accordingly, Equifax does not make any decision about you or tell its clients if they should offer you credit or services – this is for the client to decide based (at least in part) on the data and analytics that we provide.
Please refer to the CRAIN for more information about this.
Scores and ratings
The primary form of profiling Equifax undertakes is in the production of scores and ratings. Equifax uses the data we obtain to produce credit, risk, fraud, identity, affordability, screening, collection and/or insolvency scores and credit ratings about you.
To do this, Equifax uses algorithms and machine learning models to assess hundreds of factors to understand the best combination of information to accurately calculate scores and ratings that will predict the required indicator, e.g. the likelihood of being able to repay credit. Equifax's algorithms use a variety of data points relating to an individual, such as:
- Current Account Turnover (CATO) data
- Credit card utilisation
- Active and closed credit agreements
- Number of active loans
- Repayment history denoting up-to-date payments and any payment arrears
- Number of cash advances in the last 3 months
- The number of hard credit searches on credit reports, which occur when consumers actively make an application for credit
- Public records (electoral roll and County Court Judgments (CCJs))
The model will usually output a score, which is summarised and presented to clients in a variety of ways, e.g. as an index. An index is a number that can be used by lenders to help determine whether consumers qualify for credit. In order to calculate the score, points may also be awarded for positive information (e.g. being up-to-date with recent payments or being registered on the electoral roll) that may help to predict that a consumer is more likely to exhibit low risk behaviour.
Other Profiling
Equifax will combine the information it holds about you and others to generate characteristics linked to, for example, the area in which you live (see SECTION 3 in relation to PLD).
Typically, these characteristics are anonymous once compiled, i.e. individuals are not directly identifiable. However, when we share this data with our clients they might link it to relevant individuals (for example, an individual living in London might be linked to the data profile we have created in relation to residents of London).
9. WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?
In certain circumstances, data protection laws provide you with a number of rights in relation to your personal data. You can exercise your rights by contacting us using the details provided above.
Your rights include:
- The right of access. This is also known as a data subject access request (DSAR) and allows you to receive copies of your personal data and be provided with certain information in relation to it, such as the purpose for processing. Click here for more information about how to exercise this right.
- The right to rectification, which requires us to correct inaccuracies in your personal data. Please see the section below called ‘Personal Data Corrections’ for more information.
- The right to erasure. This is also known as the right to be forgotten, and allows you to request that we erase your personal data. This right only applies in certain circumstances.
- The right to restrict processing, which requires us to restrict the processing of your personal data in certain circumstances;
- The right to data portability. This allows you to receive the personal data that you have provided to us in a machine readable format, where we are processing it on the basis of consent or have entered into a contract with you and the processing is automated.
- The right to object. In certain circumstances you can object to our processing of your personal data, such as for direct marketing purposes.
- The right not to be subject to automated decision-making, which allows you to raise queries, concerns and request a human review in relation to any decision made solely on the automated processing of your personal data.
- The right to lodge a complaint with the Information Commissioner’s Office (ICO). See SECTION 11 for more information.
9.1 WHAT CAN I DO IF I WANT TO SEE MY PERSONAL DATA HELD BY EQUIFAX?
You have a right to find out what personal data Equifax holds about you and for a copy of this information to be provided to you free of charge. The most relevant information Equifax holds about you is likely to be contained in your own Statutory Credit Report.
View Statutory Credit Report Online
Equifax provides a quick and efficient way to access your credit report for free online within a few minutes once we have verified your identity. Click here to start the process.
Request a paper copy of your Statutory Credit Report
You can request a free postal copy of your Statutory Credit Report via:
- Our Website here
- Our credit report application form which you can download and post to:
Equifax Ltd
Customer Service Centre
PO Box 10036
Leicester
LE3 4FS
A copy of your Statutory Credit Report will be posted to your home address within one month.
Data Subject Access Requests (DSARs)
You can also request a free PDF downloadable copy of the other information Equifax holds about you. This is known as a Data Subject Access Request (DSAR). Click here to start the process.
It may take us up to one month to collate and provide you with this information.
If you require a copy of your personal data in a format such as braille or audio, please contact us using the details SECTION 1.
9.2 DO I HAVE A ‘PORTABILITY RIGHT’ IN CONNECTION WITH MY EQUIFAX DATA?
In certain circumstances, the UK’s data protection laws allow a right to data portability, which means that individuals can receive their personal data in a portable format when it is processed under certain lawful bases, such as consent. This right does not apply to Equifax data that is processed on the grounds of legitimate interests. See SECTION 3 for more information about legitimate interests.
9.3 WHAT CAN I DO IF I THINK MY PERSONAL DATA IS WRONG?
We want to make sure that your personal data is accurate and up-to-date, however, as a CRA, much of the personal data we hold about you is received from data suppliers such as lenders and banks. If you think that Equifax is processing inaccurate or incomplete personal data about you, you are able to challenge it. This is known as the right to rectification.
However, we are not able to automatically amend this information. Instead, we are required to follow a set process of informing the relevant data supplier and seeking their confirmation as to the accuracy of the data. While we do so, we make a note on your file that a rectification request has been made.
If the supplier confirms that the data is wrong, we will update our records. If the supplier informs us that the data is correct, we are lawfully able to continue processing it. In these circumstances, you can ask us to add a note to your credit report indicating that you disagree with the accuracy of the data, or providing an explanation or more context for recipients of your credit report to consider, e.g. if you make a credit application to a bank. To do this, please contact us using the details in SECTION 1.
9.4 CAN I OBJECT TO EQUIFAX’S USE OF MY PERSONAL DATA AND HAVE IT DELETED OR RESTRICTED?
Under the UK’s data protection laws, you have the right to object to your personal data being processed, and to request that the processing is either restricted or the data is deleted. However, please be aware that the right to object, the right to restrict processing and the right to erasure are not ‘absolute rights’, which means that they only apply in certain circumstances.
Right to object
The right to object applies in the following circumstances:
- Where the processing is based on a legitimate interest or a public interest. However, we are able to continue processing your data if there are ‘overriding legitimate grounds’ (see section ‘Overriding Legitimate Grounds’ below)
- Where personal data is processed for direct marketing purposes. This is an absolute right, meaning that if you object to us processing your personal data for direct marketing purposes, we will stop that processing. Please note that we may retain a record of your objection and other information to ensure that your personal data is no longer used for direct marketing purposes.
Right to restrict processing
The right to restrict processing applies in the following circumstances:
- Where you have raised a concern about the accuracy of your data, we will restrict processing it for a period of time while we verify its accuracy
- Where the processing of your personal data is unlawful but you would prefer that the data is not deleted and would instead like us to simply not use it
- Where it is no longer necessary for us to process the personal data but you would like us to retain it, rather than delete it, so that you can use it for the establishment, exercise or defence of a legal claim
- Where you have objected to the processing of your personal data and are waiting for confirmation of any overriding legitimate grounds that we may have to continue processing it
Right to erasure
The right to erasure applies in the following circumstances:
- Where the personal data is no longer required for the purpose it was collected for
- Where you have revoked your previously given consent for the processing of your personal data and there are no other appropriate lawful bases to continue processing it
- Where your personal data is processed for direct marketing but you have now objected to such use
- Where your personal data is being processed unlawfully or UK law requires us to erase the personal data to comply with a legal obligation
- Where the processing of your personal data is on the basis of a legitimate interest or is in the public interest, you have objected to this processing and there are no overriding legitimate grounds to continue processing it
Overriding legitimate grounds
As explained earlier in the Notice, the majority of Equifax’s processing of your personal data is on the basis of legitimate interests. As a result of this, condition (e) above is likely to apply and we are likely to be able to continue processing your data if overriding legitimate grounds exist.
It is very likely that overriding legitimate grounds to continue processing your personal data will exist despite your objection or request for erasure. This is due to the importance of the credit referencing industry to the UK’s financial system, which helps the entire industry assess instances of fraud and prevent over indebtedness, fraud and money laundering.
As a result, in most cases it wouldn’t be appropriate for Equifax to restrict, stop processing or erase your personal data. For example, hiding an individual’s poor credit history could enable that individual or an organisation to get credit they otherwise wouldn’t be eligible for.
10. EQUIFAX’S MARKETING SERVICES
10.1 HOW DO WE USE YOUR DATA FOR EQUIFAX’S MARKETING SERVICES?
Equifax’s marketing services involve us providing analysis or data to our clients to assist with their own marketing activities.
Equifax might also have a direct relationship with you (for example, because you subscribe to receive your Equifax Credit Report and Score), so we may provide our own marketing to you because you are opted-in to receive it. These direct marketing activities are explained in the MyEquifax and Website Privacy Notice.
The list below explains the marketing services available to our clients.
Financial pre-screening and customer marketing
When our clients are undertaking marketing campaigns in relation to a financial product or service (for example, promoting a new loan), they may want to check that they are not sending marketing communications to individuals whose circumstances are not appropriate for the product (for example, individuals who are already experiencing financial difficulties and cannot afford an additional loan). This helps promote responsible lending, avoid consumer overindebtedness and uphold the ‘Consumer Duty’ which certain regulated firms are required to comply with.
To assist these clients, Equifax will use Identifiers, Financial Accounts and Repayment Data and Court Judgments, Decrees and Orders to remove individuals from marketing lists. Please note that Equifax will only provide your Financial Accounts and Repayment Data to clients that are entitled to receive it.
To do this, our clients must first have told you that they intend to process your personal data in this way, identified their lawful basis to do so, and complied with their own legal obligations, such as obtaining consent where necessary. For this reason, the financial pre-screening service is typically used in relation to applicants and existing customers of our clients, so we would encourage you to read the privacy notices of your service providers (for example, your bank).
Suppression
To help avoid marketing being sent to the wrong address or to individuals that have died or have objected to the use of their financial data for marketing purposes, Equifax will notify clients when their customers appear to have died, moved address or have raised an objection.
Open register supply
The electoral register contains the names and addresses of everyone who is registered to vote in public elections. There are two versions of the electoral register; the full version and the ‘open register’ (‘edited register’ in Northern Ireland). The open register is the version that is available to anyone who wants to buy a copy and includes only the details of individuals who have not ‘opted-out’ of being on it. Further information can be found on the government website here.
Equifax receives a copy of the open register on a rolling basis and provides clients with the information made available as part of the open register.
Our clients may use this information for direct marketing purposes (for example, to send you postal marketing).
When you registered with the electoral roll (e.g. to vote), you will have been given the option to opt-out of having your details placed on the open register. If you did not opt-out, your data can be used for direct marketing purposes under the lawful basis of legitimate interests.
You can opt-out from appearing on the open register at any time by contacting your local Electoral Registration Office. Please be aware that, while choosing to be removed from the open register will prevent companies having access to those details in the future, companies may continue to send you marketing communications using information they have previously obtained.
In any case, you have the right to opt-out from receiving marketing communications by notifying the sender directly. Please see SECTION 9 - WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA.
Mover information
Using a combination of Identifiers, Court Judgments, Decrees and Orders, and Application Data, Equifax generates details of properties that are likely to have been subject to a recent change of occupancy. Additionally, when a property is listed for sale or rent, that information is typically made publicly available (for example, via listings at estate agents). Through third party suppliers, Equifax stores details of these properties, including the address and whether it is for sale or rent.
The generated and collected property data (“Mover Data”)is made available to clients who may (where permitted by law) use it to send marketing materials or display more relevant advertising to the relevant occupant (for example, postal marketing with offers relevant to a new or outgoing resident, such as installation or migration of broadband). Some clients may also match the Mover Data with their own customer records to identify customers that have recently moved home, though it will be for those clients to determine whether they have a lawful basis for doing so.
You can opt-out from receiving direct marketing materials or targeted advertising at any time by notifying the relevant sender directly.
Please see SECTION 9 - WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA.
Aggregated and anonymised data
Equifax aggregates and anonymises some of the information it holds (including information in relation to your financial circumstances) to generate analysis of an area or section of the population.
In SECTION 3 we explain that this anonymous analysis is used to create postcode level data (PLD), which provides a likely profile of residents in a particular area (normally a postcode).
In addition to the marketing activities explained above, we make available PLD (and potentially other anonymised data analysis) to our clients.
Our clients may use this data for general marketing purposes or combine this data with information they already hold about you in order to send direct marketing to you where they are permitted by law to do so.
What is ‘general’ vs ‘direct’ marketing?General marketing is when marketing messages are sent or displayed to individuals who are not being directly targeted, for example, where an organisation sends leaflets by post to every address in an area and does not know or use the identity of the people at those addresses. The organisation may use our PLD to identify areas that might be most receptive to their products, e.g. fibre broadband. Any generic leaflets sent within that area about fibre broadband are likely to be considered general marketing. Direct marketing is when marketing messages are sent or displayed to individuals who are being directly targeted as individuals. For example, we might supply a client (e.g. your internet provider) with PLD which provides a general profile of the financial status of individuals who live in a borough of London, including their likelihood to purchase fibre broadband. In addition to sending generic marketing to all of the households in that London borough, the client may have your permission to send marketing to you directly. In which case, they might use the PLD to refine the content of your marketing materials if they consider that you are more likely to purchase fibre broadband than some of their other customers. |
10.2 ON WHAT LAWFUL BASIS DOES EQUIFAX COLLECT AND PROCESS PERSONAL DATA FOR ITS MARKETING SERVICES?
All of the processing for the marketing services described above is on the lawful basis of the legitimate interests of us and our clients.
10.3 WHO DO WE SHARE MARKETING SERVICES DATA WITH?
We supply Marketing Services data to our clients and resellers.
Marketing Services Clients
The number and type of clients that we have will vary from time to time. These clients can operate in a variety of sectors, including:
| PRIMARY SECTOR | SUB-SECTOR |
|---|---|
| Charity | Ages, Animals, Armed and Ex Services, Arts, Children and Youth, Community, Culture and Heritage, Disability, Environmental, Education and Training, Employment Trades and Professions, Family, Homeless, Hospices, Human Rights, International, Medical Welfare, Mental Health, Overseas Aid, Religious, Rescue Services, Social Welfare, Sports Recreation and Visual Impairments |
| Finance | Pensions, Loans, Credit cards, Mortgages, Automotive (including dealerships and accessories), Investments and Savings, Insurance Home, Car, Travel, Pet, Personal and Other Insurance |
| FMCG | Supermarkets, Pharmacies and Consumables |
| Home and Family | Building Works, Buying, Changing Career, Children, Computers, Conservatories, DIY, Education, Employment, Electricity Services, Extensions, Finding New Employment, Floorings, Furniture, Further Education, Garages, Gas Services, Health Issues, Home Appliances, Learning, Letting, LPG Services, Oil Services, Other Household Utilities, Returning to Work, Self-Employment, Selling, Smoking, Stables, Starting Work, Telephones and TV |
| Legal | Accident Claims Management, Claims Management Companies, Debt Collection, Debt Consolidation, Legal Liability Claims, Legal Protection Claims, Legal Services, Packaged Bank Account Reclaim, Personal Accident Claims, Personal Injury Claims, Personal Liability Claims, PPI Companies and Claims, Voluntary Arrangements, Will Writing and Wills |
| Lifestyle | Health & Well-being, Fitness, Charities, Media and Publishing, Leisure, Gaming, Legal Services, Education and Photography |
| Marketing Services Providers | Marketing Services Providers and Data Brokers |
| Media | Magazine offers, Cinema, Competitions, Magazine Readership, Publishing, Newspaper Readership and Subscriptions, Offers, Theatre, Specialist Magazines, Surveys, Web Promotions, TV and Film |
| Motoring | Bicycles, Boats (powered and sail), Caravans, Gliding, Helicopter, Mobile Homes, Motorbikes, Motor Vehicles, Motorcycling, Motorhomes and Planes |
| Retail | Online retail, General Stores, Automotive, Property, Home Furnishings, Home Improvements, Fashion and Clothing, Telecoms and Utilities |
| Travel | Holidays, Hotels, Travel Booking and Airlines |
Resellers/Distributors
In addition to the sectors noted above, we also supply Marketing Services data to the following resellers/distributors:
| COMPANY DETAILS | DESCRIPTION OF SERVICE |
|---|---|
| Acxiom Limited https://www.acxiom.co.uk/about-acxiom/privacy/uk-privacy-policy/ | Open register data |
| CACI Limited https://www.caci.co.uk/data-privacy/privacy-policy/ | Open register data |
| Kinesso Limited https://kinesso.com/products-services-privacy-notice/ | Open register data |
10.4 DOES EQUIFAX USE MY DATA FOR ITS OWN MARKETING?
As noted above, Equifax may have a direct relationship with you, for example because you subscribe to receive your Equifax Credit Report and Score, and so we may provide our own marketing to you if you are opted-in to receive it. ). These marketing activities are explained in the separate MyEquifax and Website Privacy Notice.
10.5 HOW LONG WILL WE RETAIN MARKETING SERVICES DATA?
Retention of Equifax’s Marketing Services data is based on the data sets that make up the relevant services. In any case, it will not be retained for longer than is necessary. For example, in relation to open register marketing services, your data will only be held for as long as we hold the open register data (see SECTION 5 - HOW LONG DO WE KEEP YOUR PERSONAL DATA).
10.6 WHAT ARE MY RIGHTS IN RELATION TO MARKETING SERVICES DATA?
Your rights in relation to the personal data we use for Marketing Services are the same as those described in SECTION 9.
In addition to these rights, you have an absolute right to object to direct marketing and to withdraw your consent if our processing is based on consent.
Withdrawing your consent or objecting to Marketing Services processing
You may withdraw your consent or object to your personal data being used for marketing activities by Equifax or our clients at any time. You can notify us directly using the contact information provided in SECTION 1.
When you withdraw your consent or object to marketing, we will add some of your data to our marketing suppression files. These files ensure your data is removed from the Equifax marketing contact data and they may also be shared with clients to ensure they suppress your data from their files. This process does require that your personal data is processed to ensure that it is not used for marketing purposes. Equifax will continue to use your personal data for any other purposes for which we have a lawful basis to do so, as set out in this Notice.
11. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?
You have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office (ICO), if you are unhappy about how we have processed your personal data. More information can be found on the ICO’s website here, however, we would really appreciate the chance to deal with your concerns before you approach the ICO and so we ask that you please contact us first. The contact details for Equifax’s Complaints team and the Equifax complaints procedure can be found here.
12. WHERE CAN YOU FIND OUT MORE?
The ICO has published advice and information for consumers on its website and, specifically, in its Credit Explained leaflet.
13. CHANGES TO THIS PRIVACY NOTICE
Equifax may make changes to this Privacy Notice in the future. The revised notice and its effective date will be published on this Website.
