Last updated: February 2024

Almost every country in the world recognises privacy in some way. In the UK, ‘privacy’ or ‘the right to a private life’ plays a pivotal role in human rights (the Human Rights Act 1998). It covers things like your personal identity and how you look and dress, your sexuality, your body, forming and maintaining relationships with other people, and how your personal information or data is held and protected (in other words, ‘data protection’). Data protection originates from the right to privacy.

The UK GDPR and DPA 2018 are data protection laws in the UK. These laws include principles, rights and obligations which apply when personal data is processed.

When we refer to personal data being ‘processed’, we mean any activity relating to personal data, including its collection, storage, transfer, or other use.

The UK GDPR and DPA 2018 give individuals rights over their personal data including the ‘right to be informed’. We inform individuals about how their data will be used by Equifax through various privacy notices which relate to our different processing activities. Our available privacy notices can be found here.

Yes. We review our privacy notices regularly and update them whenever we make changes to how we are processing personal data.

A data controller decides how and why personal data is processed. The data controller is responsible for ensuring that this data is processed lawfully and fairly.

A Data Protection Officer (DPO) is a position set out in the UK GDPR and DPA 2018. DPOs assist organisations in monitoring internal compliance, informing and advising on data protection obligations, providing advice regarding Data Protection Impact Assessments (DPIAs) and acting as a contact point for data subjects and the Information Commissioner’s Office (ICO). Equifax’s DPO can be contacted via

Data controllers must have a valid reason under data protection law for processing personal data. This is known as a ‘lawful basis’.

We aim to respond to data subject access requests within the statutory deadline of one calendar month. In certain circumstances this deadline may be extended, in which case we will explain to you at the time.

Equifax Ltd is based in the UK and we keep our main databases here, however we also have operations elsewhere inside and outside the European Economic Area, which means that personal data may be accessed by or transferred to Equifax Group companies or service providers in other countries. When Equifax does send or allow access to personal data overseas we make sure suitable safeguards are in place to protect the data. Please see section 6 of the Equifax Credit Reference and Related Services Privacy Notice for more information about this.

Cookies and other digital tracking technologies do lots of different jobs like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests. For more information about cookies you can visit All About Cookies, Your Online Choices or watch this video here.

Cookies and other digital tracking technologies generally work by storing small files on your device as well as unique identifiers. They collect, record and share information about you and/or your device when you view a website, app or email. This information can include your language preference or login information, the device and/or browser you are using, the date and time of visits, and how you are using a website or app (for example, what pages you view the most).

For more information about how we use cookies and other digital tracking technologies at Equifax, please see our MyEquifax and Website Privacy Notice.

You can update your cookie settings at any time via Equifax’s cookie preference centre here. You can also manage and delete cookies by changing your internet browser settings. Find out how to manage cookies on popular browsers:

Desktop browser instructions:

Mobile browser instructions:

Click here for instructions to opt-out of being tracked by Google Analytics across all websites.

Please be aware that if you use different devices to view and access the internet (e.g. your computer and smartphone), you will need to ensure that each browser on each device is adjusted to suit your cookie preferences.

We hope that we will be able to resolve any complaints you have about how Equifax is processing your personal data. If you have a complaint, please contact our Complaints team. Full contact details and the Equifax complaints procedure can be found here. Equifax’s Data Protection Officer can also be contacted directly via

We know privacy and security is important to you and it’s important to us too, which is why we’ve invested over $1.5bn (!) on it over recent years. Earlier this year, we furthered our commitment to transparency in cybersecurity by making our security and privacy controls framework public for the benefit of security and privacy teams at organisations of all sizes. We hope that by empowering other companies to set a cybersecurity and privacy posture that’s more adaptable to evolving threats, our commitment to ensuring strong security and protecting your privacy is clear to see. You can read more about Equifax’s Security Controls Framework here.