Privacy Hub

MyEquifax and Website Privacy Notice

This privacy notice explains how Equifax processes personal data as part of its core credit reference agency (CRA) activities. These processing activities often relate to personal data that has not been collected directly from the individual.

Download MyEquifax and Website Privacy Notice

Date last updated: July 2024

You will know us as Equifax but our legal name is Equifax Limited (“Equifax”, “we”, “our” and “us”). We are committed to protecting the privacy of individuals who use myEquifax products and services (“myEquifax”) and users visiting the Equifax.co.uk website, which includes Equifax Online Help (the “Website”).

This MyEquifax and Website Privacy Notice (“Privacy Notice”) describes how and why Equifax uses personal data relating to:

individuals who enquire about or receive myEquifax products and services, such as Credit Report and Score (including WebDetect and Social Scan) and the Statutory Credit Report via the Website or through some other means;
users of the Website; and
those who communicate with us (“You”).

You should read this Privacy Notice to understand what we are doing with your personal data, including our lawful basis for processing it, who we share it with and your rights in relation to your personal data. “Personal data” is any information that relates to a living identifiable person. Your name, address and contact details are all examples if they identify you. To “Process” means any activity relating to personal data, including its collection, storage, transfer or other use.

Equifax is a “Controller” of your personal data, which means that we make decisions about how and why we process it. As a Controller, we’re responsible for making sure that it’s processed in accordance with data protection laws.

We also make available other privacy notices which relate to specific Equifax products or services, or other Equifax group companies. These apply in conjunction with this Privacy Notice, so please ensure that you read every relevant notice. Our privacy notices include:

Privacy Notice	Processing Activities
MyEquifax and Website Privacy Notice (THIS NOTICE)	This privacy notice explains how Equifax processes personal data relating to its myEquifax products and services (e.g. Credit Report and Score, WebDetect and Social Scan) and users of the Equifax website. These processing activities usually relate to personal data that has been collected directly from the individual or from the individual’s direct use of myEquifax products and services, as well as the Equifax website.
Equifax Credit Reference and Related Services Privacy Notice	This privacy notice explains how Equifax processes personal data as part of its core credit reference agency (CRA) activities. These processing activities often relate to personal data that has not been collected directly from the individual.
Credit Reference Agency Information Notice (CRAIN)	This privacy notice, produced with Experian and Transunion (the other key CRAs), explains how personal data is processed for core credit referencing activities. This often relates to personal data that has not been collected directly from the individual.
Equifax (TDX) Debt Services Privacy Notice	This privacy notice explains how Equifax’s group company, TDX Group Limited, processes personal data to support clients with debt management and recovery.
Equifax and Consents Online Open Banking Privacy Notice	This privacy notice explains how Equifax’s group company, Consents Online Limited, processes personal data to provide clients with access to consumer transaction data held within payment accounts. This is known as open banking.
Equifax Workforce Solutions Privacy Notice	This privacy notice describes how and why Equifax processes personal data to administer our Workforce Solutions database and related services.

CONTENT OF THIS PRIVACY POLICY:

How can you contact us?
What types of personal data do we process and where do we get it?
What do we do with your personal data and why?
Who do we share your personal data with and why?
Where in the world is your personal data processed?
How do we communicate with you?
How do we safeguard your personal data?
How long do we keep your personal data?
Cookies and other digital tracking technologies
What are your rights in relation to your personal data?
Changes to this privacy policy

1. HOW CAN YOU CONTACT US?

You can contact us by:

Post: Equifax Limited, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS.
Website: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html
Equifax Online Help: www.equifax.co.uk/ask
Phone: 0333 321 4043 or 0800 014 2955

Equifax has a dedicated Data Protection Officer (DPO) who can be contacted by:

Post: Equifax Limited, Data Protection Officer, PO Box 10036, Leicester, LE3 4FS.
Email: UKDPO@equifax.com

2. WHAT TYPES OF PERSONAL DATA DO WE PROCESS AND WHERE DO WE GET IT?

Depending on your use of myEquifax, the Website and any contact with us (through the Website or otherwise), we will collect and/or receive the following types of personal data:

Category	Type of personal data	Collected from
Contact Information	Name Postal address Phone number Email address Contact preferences	You directly (e.g. where prompted to provide it or when you contact us, including through the Website). MyEquifax Family Plan main account holders (when inviting additional users to join)
Website Information	Internet protocol (IP) address Browser type Date and time of Website access Your browser and information about your usage activities collected via cookies, other digital tracking technologies and online identifiers (please see our COOKIE NOTICE for more information)	The device you use to access the Website.
myEquifax Information	Credit reference information used to generate your credit report and score (please see the Equifax Credit Reference and Related Services Privacy Notice for more information about how and why personal data is processed for credit referencing purposes). User ID and passwords Bank account information for payment and subscription purposes (including payment card details) Communications we may have sent or received from you in relation to your myEquifax products and services Assigned rewards codes from third party rewards providers In relation to the WebDetect product: your credit card number (we only store and process this in an encrypted state and never in its full 16 digit numerical format); your bank account number and sort code (the full account number and sort code is encrypted) alerts highlighting potential instances of fraud or data theft In relation to the Social Scan product: information you permit us to review on your social media profiles In relation to the Family Plan product: main account holders will see the name and email address of invited additional users (no other account data is shared with main account holders) In relation to Finance Monitor: your financial account transaction data, including bank accounts	You directly (e.g. where prompted to provide it when signing up to receive myEquifax products and services). From third party sources, in relation to the WebDetect and Social Scan products (e.g. where we have identified potentially stolen data relating to you or at risk information included on your social media profile). In relation to the Finance Monitor product, from Consents Online Limited (an Equifax Group compa ny). For more information, see the Equifax and Consents Online Open Banking Privacy Notice.
Survey and Feedback Information	Name Review of Equifax’s products and services	Equifax uses a third party review provider, Trustpilot, to receive and publish reviews from consumers. Reviews are submitted via the Trustpilot platform in the first instance and we then show a selection of these on our website. For more information about Trustpilot’s privacy practices, please see their privacy terms here.
Special Category Information	Details of any disability or vulnerability, necessary for us to amend the way in which we provide our products and services or communicate with you	You directly or a third party acting on your behalf.

3. WHAT DO WE DO WITH YOUR PERSONAL DATA AND WHY?

We process your personal data for specific purposes in connection with:

your use of our Website;
any myEquifax products and services you have enquired about or receive from us;
your communications with us;
any other engagements you may have with us; and
the management and administration of our business.

We are required by law to always have a lawful basis (meaning a reason or justification) for processing your personal data. There are a number of lawful bases set out in data protection law but we consider the following to be most relevant to our processing of your personal data:

The processing is necessary in order for us to enter into or perform a contract with you (Contract)
The processing is necessary to comply with a legal obligation (Legal Obligation)
The processing is necessary for the legitimate interests pursued by us or a third party, and these are not overridden by your interests or fundamental rights (Legitimate Interests)
The processing is on the basis of your consent (Consent)

The table below sets out the purposes for which we process your personal data and the lawful bases we rely on for that processing.

Where we have indicated that our use of your personal data is necessary for us to enter into or perform a contract with you, and you choose not to provide the relevant personal data, we may not be able to enter into or continue our arrangement with you. Practically, this may mean that you are not able to access certain areas of our Website or receive certain services.

Purpose of Processing	Consent	Contract	Legal Obligation	Legitimate Interests
Using your Contact Information to respond to your enquiries and/or complaints				✔ (it is in our mutual interest to respond)
Using your Contact Information to send you information relevant to any services your receive from us		✔ (where we are required to provide any information under contract)		✔ (it is in our mutual interest that you be updated with pertinent information)
Using your Contact Information to invite you to open a Family Plan additional user account				✔ (it is in our mutual interest that you receive an invitation)
Using your Contact Information to send you direct marketing as set out in the section HOW DO WE COMMUNICATE WITH YOU (below)	✔ (where consent is legally required)			✔ (it is in our mutual interest to ensure that you are updated about products/services that may be of interest)
Using Survey and Feedback Information to promote our business, our Website, our products and services, and to help us improve our products, services and customer service				✔
Using Website Information to ensure the operation and performance of the Website (please also see our COOKIE NOTICE)				✔ (we need to ensure that the Website functions correctly)
Using Website Information to improve the functionality of the Website				✔ (it is in our mutual interest to improve the Website)
Using your myEquifax Information to provide you with myEquifax products and services that you have enquired about, purchased or been invited to		✔ (where such processing is necessary for us to provide the product/service)		✔ (it is in our mutual interest to provide our product/service to you)
Using Contact Information, Website Information and/or myEquifax Information to enable you to create accounts and log-in, or otherwise gain access to myEquifax products and services through the Website		✔ (where we are required to provide access under contract)		✔ (it is in our mutual interest to provide you with a private log-in to access services)
Using assigned rewards codes to manage your subscriptions with third party rewards providers		✔ (where such processing is necessary for us to provide the reward and manage your subscription)
Using any relevant personal data to establish and enforce our legal rights or to comply with a court order, law enforcement requirement (or other legally mandated request) or legal obligation			✔
Using any relevant personal data for our general record keeping and Website user management		✔ (where we are required to maintain records under contract)		✔ (we may need to store Website user data so that we can refer back to it)
Using any relevant personal data in relation to managing the proposed or actual sale, restructuring or merging of any or all parts of our business			✔	✔ (we have a legitimate interest in being able to sell or restructure our business and maintain continuity for us or a buyer)

Where processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you decide to withdraw your consent, we will stop processing your personal data for that purpose unless there is another lawful basis that applies and we are relying on – in which case, we will let you know.

Please note that in order to provide certain myEquifax products, such as those related to your credit rating, your credit reference personal data is processed as explained in the Equifax Credit Reference and Related Services Privacy Notice and CRAIN.

Fraud Prevention Agencies (FPAs)

Equifax is also a Fraud Prevention Agency (FPA) and a member of Cifas, which is a not-for-profit fraud prevention service. This means we collect, maintain and share personal data related to known and suspected fraudulent activity. Where Equifax identifies potential fraud, it may share that information with Cifas so that other Cifas members can access it. This enables them to perform additional checks when, for example, a credit application is made in your name. If fraud is detected, you could be refused certain services, finance or employment. Please see the Cifas Privacy Notice for more information.

Anonymised Data

We may convert your personal data into statistical or aggregated form so that you are not identified or identifiable, thereby protecting your privacy and creating anonymised data. Anonymised data is not personal data so we may use this data to conduct research and analysis, including to produce statistical research and reports to help us understand and improve the use of our Website.

Special Category Personal Data

We process personal data in relation to your physical and mental health if you have a disability or vulnerability that you or someone on your behalf has made us aware of. Such processing is only ever with your consent and is for the strictly limited purposes of ensuring that we can communicate with you appropriately and amend our services to assist you.

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?

Equifax may share your personal data with:

its affiliates, i.e. companies that control, are controlled by, or under common control with Equifax; and
selected third parties that we work with.

These recipients within and outside our group may be processing your personal data on our behalf as a service provider (see below) or they may be processing it for their own purposes as a Controller.

We have summarised the categories of recipients with whom we are likely to share your personal data:

Service providers: Equifax may share your personal data with entities that provide services to us, such as vendors and suppliers that provide Equifax with technology, services, and/or content for the operation and maintenance of the Website. Access to your personal data by these service providers is strictly limited to the information reasonably necessary for the service provider to perform its function. Equifax takes steps to help ensure that service providers keep your personal data confidential and comply with Equifax’s privacy and security requirements.
Rewards partners: Equifax may share your personal data with third-party organisations that provide you with rewards, benefits or services (such as a Tastecard) associated with your product or service.
Disclosure for legal reasons or as necessary to protect Equifax: Equifax may release personal data to other parties: (1) to comply with valid legal requirements such as laws, regulations, search warrants or court orders; (2) in special cases, such as a physical threat to you or others, a threat to public security, or a threat to Equifax’s systems or network; or (3) where Equifax believes it is necessary to investigate or prevent suspected or actual harm, abuse, fraud or illegal conduct.
Changes in Equifax‘s corporate structure: If all or any part of Equifax is sold, merged or otherwise transferred to another entity (including a transfer of Equifax‘s assets), the personal data you have provided to Equifax may be transferred as part of that transaction.

5. WHERE IN THE WORLD IS YOUR PERSONAL DATA PROCESSED?

Equifax Limited is a UK based company and the majority of our processing of your personal data takes place within the UK. However, Equifax Limited is part of a global group of companies, therefore your personal data may be transferred to other group members outside of the UK and/or the European Economic Area (EEA). In addition, some of our service providers may have processing operations in other jurisdictions.

While data protection laws in some jurisdictions may not provide the same level of protection to your personal data as it is provided under UK data protection laws, Equifax takes steps to ensure the appropriate protections are in place before knowingly transferring personal data outside of the UK/EEA.

Non-UK Website Users: The Website is intended for users within the United Kingdom. If you use this Website from outside the United Kingdom, please be aware that personal data you provide to Equifax or that Equifax obtains as a result of your use of this Website may be processed and transferred to the United Kingdom and be subject to the laws of the United Kingdom.

6. HOW DO WE COMMUNICATE WITH YOU?

We will use your personal data to communicate relevant information to you in relation to your use of the Website, to respond to any queries or complaints you have and to provide updates in relation to myEquifax products and services you receive from us.

In addition, we would like to keep you up-to-date with other products and services we provide that may be of interest to you. If you have enquired about or purchased myEquifax products and services, you will have been given the option to opt-out of receiving our newsletter and other direct marketing communications. If you have not chosen to opt-out, we will continue to send marketing communications to you.

You can opt-out of receiving direct marketing at any time by either contacting us using the details above, or following the instructions within each marketing communication.

We also use targeting and third party cookies and other digital tracking technologies on our Website, which track your browsing habits and tailor advertising to you. Please see our COOKIE NOTICE which explains our use of cookies and other digital tracking technologies and how you can amend your preferences.

7. HOW DO WE SAFEGUARD YOUR PERSONAL INFORMATION

Equifax is committed to protecting the security of your personal data. We implement appropriate technical and organisational measures, taking into account the nature, scope, context and purposes for processing, as well as the likelihood and severity of risks to your rights and freedoms.

8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We retain your personal data for strictly limited periods of time and for no longer than is necessary to fulfil the purposes for which we are processing it. For example, we typically retain personal data relating to myEquifax customers for as long as they receive those products and services and for a period of up to 6 years following cancellation. In limited and specific cases, it may be reasonably necessary for us to retain your personal data for a longer period.

The factors that direct how long we retain personal data for include the following:

laws or regulations we are required to follow;
whether we are in a legal or other type of dispute with each other or any third party;
the type of personal data held about you; and
whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

For more information about our retention periods, please contact us.

9. COOKIES AND OTHER DIGITAL TRACKING TECHNOLOGIES

Cookies and other digital tracking technologies help us to provide essential services, make sure the Website functions as it should, help us analyse and understand how you use it, personalise your experience and show you adverts relevant to you and your interests on the Website and on third party platforms. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Please note that some parts of our Website may become inaccessible or not function properly if you disable or refuse cookies. For more information about what cookies and other digital tracking technologies are, how we use them and how to set or amend your preferences, please read our COOKIE NOTICE.

10. WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?

In certain circumstances, data protection laws provide you with a number of rights in relation to your personal data. You can exercise your rights by contacting us using the details provided above.

Your rights include:

The right of access. This is also known as a data subject access request (DSAR) and allows you to receive copies of your personal data and be provided with certain information in relation to it, such as the purpose for processing. Click here for more information about how to exercise this right.
The right to rectification, which requires us to correct inaccuracies in your personal data. Please see the section below called ‘Personal Data Corrections’ for more information.
The right to erasure. This is also known as the right to be forgotten, and allows you to request that we erase your personal data. This right only applies in certain circumstances.
The right to restrict processing, which requires us to restrict the processing of your personal data in certain circumstances;
The right to data portability. This allows you to receive the personal data that you have provided to us in a machine readable format, where we are processing it on the basis of consent or have entered into a contract with you and the processing is automated.
The right to object. In certain circumstances you can object to our processing of your personal data, such as for direct marketing purposes.
The right not to be subject to automated decision-making, which allows you to raise queries, concerns and request a human review in relation to any decision made solely on the automated processing of your personal data.

Your Statutory Credit Report

In addition to the above, you have the right to obtain your statutory credit report free of charge. Your statutory credit report contains the personal data we hold about you that is relevant to your financial standing. Click here for more information about how to exercise this right.

Personal Data Corrections

We want to make sure that your personal data is accurate and up-to-date, however, as a credit reference agency, much of the personal data we hold about you is received from lenders and banks. We are not able to automatically amend this information. Instead, we are required to follow a set process of informing the relevant lender/bank and seeking their clarity as to the validity of the data. While we do so, we make a note on your file that a rectification request has been made.

For more information about your rights in relation to our core credit referencing activities (most commonly the personal data that has not been collected directly from you), please see theEquifax Credit Reference and Related Services Privacy Notice.

Complaint to the Supervisory Authority

You have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office (ICO), if you are unhappy about how we have processed your personal data. More information can be found on the ICO’s website here, however, we would really appreciate the chance to deal with your concerns before you approach the ICO and so we ask that you please contact us first.

11. CHANGES TO THIS PRIVACY POLICY

Equifax may make changes to this Privacy Notice in the future. The revised notice and its effective date will be published on this Website