MyEquifax and Website Privacy Notice

Date last updated: Nov 2021

Equifax Limited (“Equifax”, “we”, “our” and “us”) is committed to protecting the privacy of the users visiting the Equifax.co.uk website (theWebsite).

This website, cookies and consumer services privacy policy (“Privacy Policy”) describes how and why Equifax uses personal data about:

• users of the Website;
• those who communicate with us; and
• individuals who enquire about or receive consumer services from us (“Consumer Services”) either via the Website or through some other means (“you”)

You should read this Privacy Policy to understand what we are doing with your personal data, the basis on which we undertake such use, who we share your data with and your rights in relation to your personal data.

“Personal data” is any information that relates to an identifiable natural person. Your name, address and contact details are all examples, if they identify you. The term “process” means any activity relating to personal data, including (for example) its collection, storage, transfer or other use.

We are a so-called “Controller” of your personal data. This means that we make decisions about how and why we process your personal data and because of this, we are responsible for making sure that it is used in accordance with data protection laws.

We may also make available other privacy policies or information notices in relation to specific products or business functions. These will apply in conjunction with this Privacy Policy so please ensure that you review each document, as applicable.

For example, details of how we process personal data as part of our core credit referencing activities and other products and services, can be found in both the “Credit Reference Agency Information Notice” (CRAIN) and the “Equifax Information Notice” (EIN). Copies of which can be found here:

• CRAIN - www.equifax.co.uk/crain
• EIN - www.equifax.co.uk/ein

CONTENT OF THIS PRIVACY POLICY:

1. How can you contact us?
2. What types of personal data do we process and where do we get it?
3. What do we do with your personal data and why?
4. Who do we share your personal data with and why?
5. Where in the world is your personal data processed?
6. How do we communicate with you?
7. How do we safeguard your personal data?
8. How long do we keep your personal data?
9. Cookies
10. What are your rights in relation to your personal data?
11. Changes to this privacy policy

1. HOW CAN YOU CONTACT US?

We can be contacted by any of the following methods:

Post: Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS.

Web Address: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html

Secure email via: www.equifax.co.uk/ask

Phone: 0333 321 4043 or 0800 014 2955

Additionally, Equifax Ltd has a dedicated Data Protection Officer who can be contacted as follows:

Post: Equifax Ltd, Data Protection Officer, PO Box 10036, Leicester, LE3 4FS.

Email: UKDPO@equifax.com

2. WHAT TYPES OF PERSONAL DATA DO WE PROCESS AND WHERE DO WE GET IT?

Depending on your use of the Website, use of consumer services and any contact with us (whether through the Website or otherwise), we will collect and/or receive the following types of information:

3. WHAT DO WE DO WITH YOUR PERSONAL DATA AND WHY?

We process your personal data for particular purposes in connection with:

• your use of our Website;
• any consumer services product(s) you have enquired about or receive from us;
• your communications with us;
• any other engagements you may have with us; and
• the management and administration of our business.

We are required by law to always have a lawful basis (meaning a reason or justification) for processing your personal data. There are a number of lawful basis set out in data protection law but we consider the following to be most relevant to our processing of your personal data:

• The processing is necessary in order for us to enter into or perform a contract with you (Contract)
• The processing is necessary to comply with a legal obligation (Legal Obligation)
• The processing is necessary for the purposes of legitimate interests pursued by us or third party, and these are not overridden by your interests or fundamental rights (Legitimate Interest)
• The processing is on the basis of your consent (Consent)

The table below sets out the purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.

Please note that where we have indicated that our use of your personal data is necessary for us to comply with legal obligations or for us to take steps, at your request, to enter into an arrangement with you (or perform it), and you choose not to provide the relevant personal data, we may not be able to enter into or continue our arrangement with you. Practically, this may mean that you are not able to access certain areas of our Website or receive certain services.

Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent, we will stop processing your personal data for that purpose unless there is another lawful basis that also applies and which we are relying on – in which case, we will let you know.

Please note that in order to provide certain consumer services products (in particular, those related to your credit rating), your credit reference information will be processing in accordance with the following fair processing notices (such processing is not covered by this notice):

• CRAIN - www.equifax.co.uk/crain
• EIN - www.equifax.co.uk/ein

Equifax is also a Fraud Prevention Agency ("FPA") and member of Cifas, a not-for-profit fraud prevention service. This means we collect, maintain and share data on known and suspected fraudulent activity. Where Equifax identifies potential fraud, it may share that information with Cifas so that other Cifas members can access it. This enables them to perform additional checks when (for example) a credit application is made in your name. If fraud is detected, you could be refused certain services, finance or employment.

Please refer to the Cifas privacy notice at https://www.cifas.org.uk/fpn for more details.

We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable (thereby creating anonymized data). Anonymized data is not personal data and we may use such data to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand and improve the use of our Website.

Special Category Data

As noted in the section titled WHAT TYPES OF PERSONAL DATA DO WE PROCESS AND WHERE DO WE GET IT?, we also process information in relation to physical and mental health to the extent that you have a disability or vulnerability, which you (or someone acting on your behalf) has made us aware of. Such processing is only ever with your consent and is for the purposes of ensuring that we can communicate with you in an appropriate format or otherwise amend our services so that they can be received by you.

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?

Equifax may share your information with the following entities:

Affiliates and Third Parties: Equifax may share your information with its affiliates—companies that control, are controlled by, or under common control with Equifax —as well as selected third parties with whom Equifax works.

These recipients within and outside our group, may be processing your personal data on our behalf as a Service Provider (see below) or they may be processing it for their own purposes as a controller in their own right.

We have summarised below the categories of recipients with whom we are likely to share your personal data.

Service Providers: Equifax may share your personal data with entities that provide services to it, such as vendors and suppliers that provide Equifax with technology, services, and/or content for the operation and maintenance of the Website. Access to your personal data by these service providers is limited to the information reasonably necessary for the Service Provider to perform its limited function. Equifax takes steps to help ensure that Service Providers keep your personal data confidential and comply with Equifaxs privacy and security requirements.

Disclosure for Legal Reasons or as necessary to protect Equifax: Equifax may release personal data to other parties: (1) to comply with valid legal requirements such as laws, regulations, search warrants or court orders; (2) in special cases, such as a physical threat to you or others, a threat to public security, or a threat to Equifaxs system or network; or (3) cases in which Equifax believes it is reasonably necessary to investigate or prevent suspected or actual harm, abuse, fraud, or illegal conduct.

Changes in Equifax's corporate structure: If all or any part of Equifax is sold, merged or otherwise transferred to another entity (including a transfer of Equifax's assets), the personal data you have provided to Equifax may be transferred as part of that transaction.

5. WHERE IN THE WORLD IS YOUR PERSONAL DATA PROCESSED?

Equifax is a UK based company and the majority of our processing of your personal data takes place within the UK. However, Equifax is part of a global group of companies and it may transfer your personal data to other group members outside of the UK and/or the European Economic Area. In addition, some of our Service Providers (please see above) may have processing operations in other jurisdictions.

Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your personal data as is provided to it under UK laws.

Non-UK Users:  The Website is intended for users within the United Kingdom.  If you use this Website from outside the United Kingdom, please be aware that information you provide to Equifax or that Equifax obtains as a result of your use of this Website may be processed and transferred to the United Kingdom and be subject to the laws of the United Kingdom.

6. HOW DO WE COMMUNICATE WITH YOU?

We will use your personal data in order to communicate relevant information in relation to your use of the Website, to respond to any queries or complaints you may have and to provide updates in relation to the consumer services and products you receive from us.

In addition, we would like to keep you up to date with other products and services that we provide and which may be of interest to you.

Where you have enquired about or purchased consumer services products from us, you will have been given the option to opt out of receiving our newsletter and other marketing communications from us, in relation to similar products and services that we provide. Where you do not choose to opt out, we will send such communications to you via email.

You can opt-out of receiving these marketing communications at any time by either contacting us (please see the section HOW CAN YOU CONTACT US?, above) or following the instructions within the relevant communications. 

We also use targeting cookies and third party cookies on our Website, which track your browsing habits and tailor advertising to you. Please see the COOKIES section below, which explains our use of cookies and how you can amend your cookies preferences.

7. HOW DO WE SAFEGUARD YOUR PERSONAL INFORMATION

Equifax are committed to protecting the security of your personal data and implement appropriate technical and organisational measures taking into account the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of you, as an individual. 

8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will only retain your personal data for a limited period of time and for no longer than is necessary for the purposes for which we are processing it.

For example, we will typically retain personal data in relation to consumer services customers, for so long as they receive those services and for a period of up to 6 years following cancellation of the services.

In some cases, it may be necessary for us to retain your personal data for different periods. The factors that direct how long we will retain personal data include the following:

• any laws or regulations that we are required to follow;
• whether we are in a legal or other type of dispute with each other or any third party
• the type of information held about you; and
• whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

For more information regarding our retention periods, please contact us.

9. COOKIES

What is a Cookie?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. A device can refer to a computer, smartphone, tablet or any other device from which you gain internet access. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a users device.

You can find more information about cookies at:

http://www.allaboutcookies.org and http://www.youronlinechoices.eu

For a video about cookies visit: 

https://www.youtube.com/watch?v=TBR-xtJVq7E

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.

Do we use similar technologies?

Yes. We use other similar technologies such as web beacons (also called pixel tags or clear gifs). Though for the purposes of this policy, we use the term cookies to refer to both technical cookies and similar technologies.

Who can drop cookies on my device?

First-party cookies:

First-party cookies are placed on your device by Equifax. We use first-party cookies to, for example, enable that the Website functions correctly and to better understand your use of the Website.

Third-party cookies:

Third-party cookies are placed on your device by our selected partners and service providers. Equifax uses third-party cookies to, for example, measure user numbers on the Website, and to provide you with relevant advertising.

What type of cookies do we use and why?

When you visit the Website, essential cookies will be set on your device. Other cookie types (as listed below) will also be set on your device if you choose to accept them.

How to manage cookies

Both essential and functional cookies will be set automatically when you visit the Website. Performance and analytics cookies and advertising and targeting cookies will be deployed only following your acceptance via the cookies banner.

Our cookies banner provides users with the option to reject all but the essential cookies. 

Also, whether the cookies are deployed automatically or following your consent, you can choose to reject or block the use of cookies at any time by changing your browser settings.

You can find out how to do this for your particular browser by clicking help on your browsers menu, or by visiting: www.allaboutcookies.org . 

Please be aware that if you use different devices to view and access the Website (e.g. your computer and smartphone), you will need to ensure that each browser on each device is adjusted to suit your cookie preferences.

The cookies we use

The following is a list of the cookies we currently use on the Website:

Links to Third Party Websites: Both this Privacy Policy and the Website include links to third party websites that might be of interest to you. Equifax is not responsible for the security or privacy practices of other websites that you use through these links.  You should exercise caution when using such websites, and you should read their privacy policies in order to better understand what information they collect about you and how they use it.

10. WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?

Data protection law provides you with a number of rights in relation to your personal data (which are summarized below). You can exercise these rights by contacting – please see the section HOW CAN YOU CONTACT US above.

Subject to the requirements of applicable laws and certain limitations or exemption, you have the right to:

• access your personal data and be provided with certain information in relation to it, such as the purpose for which it is processed;
• require us to correct any inaccuracies in your personal data without undue delay;
• require us to erase your personal data (please be aware that the right of erasure under data protection law is not an absolute right as it only applies in relation to one or more specific circumstances);
• require us to restrict the processing of your personal data;
• receive the personal data which you have provided to us in a machine readable format, where we are processing it on the basis consent or to comply with a contract with you (please see the above tables) and such processing is automated; and
• object to a decision that we make which is based solely on automated processing of your personal data.

Access to your credit report and corrections

In addition to the rights listed above, you also have the right to obtain your statutory credit report free of charge. This report contains all the personal data we hold about you that is relevant to your financial standing. Click here if you wish to find out how to exercise this right:

https://www.equifax.co.uk/Products/credit/statutory-report.html

Should you wish to request access to all of the personal data we hold about you (not just your credit report) you have the right to do so (as noted above). Click here if you wish to find out how to exercise this right:

We want to make sure that your personal information is accurate and up to date. However, please be aware that as a credit reference agency, much of the information we hold about you is received from lenders and banks. We are not able to automatically amend this information upon request. We must instead follow a set process of informing the relevant lender and seeking their clarity as to the validity of the data. While this process is undertaken, we will make a note on your file that a rectification request has been made.  For more details on your rights please review the Equifax Information Notice at www.equifax.co.uk/ein

You also have the right to lodge a complaint with the Information Commissioners Office (ICO), which is the UK data protection regulator. More information can be found on the ICO website at https://ico.org.uk/

11. CHANGES TO THIS PRIVACY POLICY

Equifax may change this online privacy policy in the future.  If we make changes to this online privacy policy, it will post the revised privacy policy and its effective date on this Website.