Privacy Hub
Equifax Workforce Solutions Privacy Notice
Last updated: January 2026
You will know us as Equifax but our legal name is Equifax Limited (“Equifax”, “we”, “our” and “us”). We’re committed to protecting the privacy of individuals whose personal data we are processing.
This Equifax Workforce Solutions Privacy Notice (“Notice”) describes how and why Equifax uses personal data relating to:
- administering the Equifax Workforce Solutions database and any services which are reliant on the Workforce Solutions database (collectively the “WS Services”). For example, the WS Services use employment-related data to quickly and reliably approve applications for housing, jobs, credit and benefits.
Equifax is a Data Controller (“Controller”) of your personal data, which means that we make decisions about how and why we process it. As a Controller, we’re responsible for making sure that it’s processed in accordance with data protection law. In some circumstances, we operate solely as a Data Processor (“Processor”) of your personal data. This means we have been directed by a separate independent Controller (e.g. an employer to verify your right to work on its behalf).
You should read this Notice to understand what we are doing with your personal data in relation to the WS Services, the basis on which we undertake such use, who we share your data with and your rights in relation to your personal data. “Personal data” is any information that relates to a living identifiable person. Your name, address, contact details and financial data are all examples if they identify you. To “Process” means any activity relating to personal data, including its collection, storage, transfer or other use.
We also make available via the Equifax Privacy Hub other privacy notices which relate to specific Equifax products or services, or other Equifax group companies. These apply in conjunction with this Notice, so please ensure that you read every relevant notice. Our privacy notices include:
Privacy Notice | Processing Activities |
Equifax Credit Reference and Related Services Privacy Notice | This privacy notice explains how Equifax processes personal data as part of its core credit reference agency (CRA) activities. These processing activities often relate to personal data that has not been collected directly from the individual. |
This privacy notice explains how Equifax processes personal data relating to its myEquifax products and services (e.g. Credit Report and Score, WebDetect and Social Scan) and users of the Equifax website. These processing activities usually relate to personal data that has been collected directly from the individual or from the individual’s direct use of myEquifax products and services, as well as the Equifax website. | |
This privacy notice, produced with Experian and Transunion (the other key CRAs), explains how personal data is processed for core credit referencing activities. This often relates to personal data that has not been collected directly from the individual. | |
This privacy notice explains how Equifax’s group company, TDX Group Limited, processes personal data to support customers with debt management and recovery. | |
This privacy notice explains how Equifax’s group company, Consents Online Limited, processes personal data to provide customers with access to consumer transaction data held within payment accounts. This is known as open banking. | |
Equifax Workforce Solutions Privacy Notice (THIS NOTICE) | This privacy notice describes how and why Equifax processes personal data to administer our Workforce Solutions database and related services, for example to quickly and reliably approve applications for housing, jobs, credit and benefits. |
We understand that Equifax’s processing activities are complex and that the language used in relation to our activities is sometimes difficult to understand. We have tried to explain things as simply as possible throughout this Notice, however to assist further we have put together a Privacy Glossary which provides more information about some of the terms used throughout this Notice. Whenever you see a word highlighted like this, you can click through to our Privacy Glossary to learn more.
CONTENT:
- How can you contact us?
- What types of personal data do we process and where do we get it?
- What do we do with your personal data and why?
- What is our lawful basis for processing your personal data?
- Who do we share your personal data with and why?
- Where in the world is your personal data processed?
- How do we communicate with you?
- How do we safeguard your personal data?
- How long do we keep your personal data?
- What are your rights in relation to your personal data?
- Changes to this notice.
1. HOW CAN YOU CONTACT US?
You can contact us by:
- Post: Equifax Limited, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS.
- Website: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html
- Equifax Online Help: www.equifax.co.uk/ask
- Phone: 0333 321 4043 or 0800 014 2955
Equifax has a dedicated Data Protection Officer (DPO) who can be contacted by:
- Post: Equifax Limited, Data Protection Officer, PO Box 10036, Leicester, LE3 4FS.
- Email: UKDPO@equifax.com
2. WHAT TYPES OF PERSONAL DATA DO WE PROCESS AND WHERE DO WE GET IT?
In order to provide the WS Services, we collect and receive the following types of information:
CATEGORY OF DATA | TYPE OF PERSONAL DATA | WHERE COLLECTED |
Identifiers |
| Your employer |
Employment Information |
| Your employer |
Analysed Information |
| Generated by Equifax |
Contact Information |
| Your employer |
Credit Reference Information |
| Information already held by Equifax and provided to Equifax by lenders or obtained from publicly available sources |
3. What do we do with your personal data and why?
Equifax collects your personal data to provide WS Services to third party customers (“Customer Services”) and employees (“Employee Services”).
Customer Services
Equifax will be engaged by third party businesses to support their identity, income and employment verification requirements. This means Equifax may use your:
- identity and financial details to help credit lenders verify your identity and assess your affordability (ability to repay credit) both at the point of your application for credit and during the lifecycle of the credit product;
- identity and financial details to help companies comply with their regulatory compliance and prevent fraud and/or money laundering;
- employment and financial details to help companies conduct pre-employment screening checks;
- identity and financial details to support landlord and tenant screening processes; and
- identity, employment and financial details to assist public authorities when processing and administering benefits.
Example:
|
Employee Services
Equifax will be engaged by employees to produce letters of employment and income using their identity and financial details.
Example:
|
4. What is our lawful basis for processing your personal data?
We are required by data protection law to always have a “lawful basis” (i.e. a reason or justification) for processing your personal data. There are a number of lawful bases set out in data protection law but we consider the following to be most relevant to our processing of your personal data for WS Services:
- The processing is necessary to comply with a legal obligation (“Legal Obligation”)
- The processing is necessary for the legitimate interests pursued by us or a third party, and these are not overridden by your interests or fundamental rights (“Legitimate Interests”)
The table below sets out the purposes for which we process your personal data and the lawful bases we rely on for that processing.
PURPOSE OF PROCESSING | LEGAL OBLIGATION | LEGITIMATE INTERESTS |
Disclosing your Identifiers, Employment Information and Analysed Information to an Approved Recipient (see SECTION 5 for more information about who we share your personal data with). | ✔ It is in the legitimate interests of Approved Recipients to receive your data in order to assess their ability to provide products/services to you. | |
Analysing your Employment Information to generate Analysed Information and form a picture of your financial circumstances to be shared with Approved Recipients to:
| ✔ It is in the legitimate interests of Approved Recipients to receive a breakdown / assessment of your Employment Information to assess creditworthiness and affordability, and to help determine whether they can provide products/services to you. It is also in our legitimate interests to provide these services to Approved Recipients. | |
Combining Analysed Information with the Credit Reference Information Equifax holds about you, to provide a more complete picture of your financial circumstances, and making this ‘picture’ available to you or Approved Recipients. We may also combine and anonymise your Analysed Information and the Credit Reference Information to create an anonymised aggregated dataset that can be used for research and statistical purposes. Please see the CRAIN and the Equifax Credit Reference and Related Services Privacy Notice for more information about how Credit Reference Information is collated and processed. | ✔ It is in the legitimate interests of Approved Recipients to receive an assessment of your financial circumstances (supported by your Analysed Information) to assess creditworthiness and affordability, and to help determine whether they can provide products/services to you. It is also in our legitimate interests to aggregate and anonymise the data we hold about you to create an anonymised dataset to be used for research purposes and to improve our products and services. These datasets will be anonymous and will not identify you as an individual. | |
Use of your information to detect and report suspected incidents of fraud, or for general crime prevention. | ✔ It is in our legitimate interests to prevent crime and instances of fraud. | |
Using your Contact Information to respond to your enquiries and/or complaints. | ✔ It is in our mutual interests to respond. | |
Using any relevant personal data to establish and enforce our legal rights or to comply with a court order, law enforcement requirement (or other legally mandated request) or legal obligation. | ✔ | |
Using any relevant personal data in relation to managing the proposed or actual sale, restructuring or merging of any or all part(s) of our business. | ✔ | ✔ We have a legitimate interest in being able to sell or restructure our business and maintain continuity for us or a buyer. |
We may also use your personal data to conduct research and analysis, including to produce anonymous statistical reports. Where appropriate, we will convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable (thereby creating anonymised data). Anonymised data is not personal data and can be used, for example, to help us understand and improve the analytics we undertake of Employment Information to create Analysed Information. We may also share anonymised data or the research we produce from our analysis of anonymised data, with third parties.
5. Who do we share your personal data with and why?
Affiliates and Third Parties
Equifax may share your personal data with:
- its affiliates, i.e. companies that control, are controlled by, or under common control with Equifax; and
- selected third parties that we work with.
These recipients within and outside our group may be processing your personal data on our behalf as a service provider (see below) or they may be processing it for their own purposes as a Controller in their own right.
We have summarised the categories of recipients with whom we are likely to share your personal data:
- Service providers: Equifax may share your personal data with entities that provide services to us, such as vendors and suppliers that provide technology, services, and/or content for the operation and maintenance of the WS Services we provide. Access to your personal data by these service providers is strictly limited to the information reasonably necessary for the service provider to perform its function. Equifax takes steps to help ensure that service providers keep your personal data confidential and comply with Equifax’s privacy and security requirements.
- Disclosure for legal reasons or as necessary to protect Equifax: Equifax may release personal data to other parties: (1) to comply with valid legal requirements such as laws, regulations, search warrants or court orders; (2) in special cases, such as a physical threat to you or others, a threat to public security, or a threat to Equifax’s systems or networks; or (3) where Equifax believes it is necessary to investigate or prevent suspected or actual harm, abuse, fraud, or illegal conduct.
- Changes in Equifax’s corporate structure: If all or any part of Equifax is sold, mergedor otherwise transferred to another entity (including a transfer of assets), your personal data may be transferred as part of that transaction.
Customers (referred to as “Approved Recipients”)
We are required to disclose your data to third party customers who receive Customer Services to enable them to provide products and services to you. Such customers may operate in the following industries: (i) credit providers (e.g. banks and building societies), (ii) finance scheme providers (e.g. car and retail loan and/or hire purchase providers), (iii) public sector departments (e.g. HMRC and benefit providers), (iv) landlords, and (v) businesses undertaking pre-employment screening.
6. Where in the world is your personal data processed?
Equifax Limited is a UK based company and the majority of our processing of your personal data takes place in the UK. All information and personal data processed by Equifax is stored on encrypted servers at secure physical locations (whether these be our own servers or those of cloud service providers that we use; Google data centres based in the UK with backups in the EU). Equifax has internal policies and controls in place to keep personal data secure and minimise the risk of it being lost, misused, disclosed or accidentally destroyed.
Equifax Limited is part of a global group of companies, therefore your personal data may be transferred to other group members outside of the UK and/or the European Economic Area (EEA). In addition, some of our service providers may have processing operations in other jurisdictions.
While data protection law in some jurisdictions may not provide the same level of protection to your personal data as it is provided under UK data protection law, Equifax takes steps to ensure the appropriate protections are in place before knowingly transferring personal data outside of the UK/EEA. Details of Equifax’s main data processors and where they operate can be found in the Equifax Credit Reference and Related Services Privacy Notice(SECTION 5).
Where Equifax Limited is transferring personal data to Equifax Inc. and its U.S. subsidiary Kount Inc. (together, ’Equifax US’), Equifax US complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Please see the Equifax Inc. Privacy Statement (SECTION EU-U.S. and the UK Extension to the EU-U.S. Data Privacy Frameworks) for more detailed information about Equifax’s certification to the Data Privacy Framework (DPF) program and what this means. To learn more about the DPF program, and to view the Equifax certification, please visit the DPF’s website here.
7. How do we communicate with you?
Equifax will use your personal data to communicate information relevant to the WS services, and to respond to any queries or complaints you may have.
Equifax does not use your personal data processed in relation to WS Services for any direct marketing purposes.
We also use targeting and third party cookies and other digital tracking technologies on our Website, which track your browsing habits and tailor advertising to you. Please see our Cookie Notice which explains our use of cookies and other digital tracking technologies and how you can amend your preferences.
8. How do we safeguard your personal data?
Equifax is committed to protecting the security of your personal data. We implement appropriate technical and organisational measures, taking into account the nature, scope, context and purposes for processing, as well as the likelihood and severity of risks to your rights and freedoms.
9. How long do we keep your personal data?
We retain your personal data for strictly limited periods of time and for no longer than is necessary to fulfil the purposes for which we are processing it. For example, we typically retain personal data in relation to WS Services for 7 years to support income and employment verifiers who may need such a level of historic data to support their verifications.
In limited and specific cases, it may be reasonably necessary for us to retain your personal data for a longer period.
The factors that direct how long we retain personal data for include the following:
- laws or regulations we are required to follow;
- whether we are in a legal or other type of dispute with each other or any third party;
- the type of personal data held about you; and
- whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
For more information about our retention periods, please contact us.
10. What are your rights in relation to your personal data?
In certain circumstances, data protection law provides you with a number of rights in relation to your personal data. Please see the Equifax Credit Reference and Related Services Privacy Notice(SECTION 9) for more detailed information about your rights and how you can exercise them.
11. Changes to this notice.
Equifax may make changes to this Notice in the future. The revised notice and its effective date will be published on this website.