Equifax Privacy Statement

Last Updated: December 2019

This privacy statement describes how Equifax Inc. and its United States affiliates (“Equifax”) collect, use, and share personal data about individuals in the United States. Individuals outside the United States should refer to the privacy statements for their country on our country-specific websites.

Employment Data

Please note we restrict the use of personal data collected through our employment-related products, such as I-9, W-2 form management and employment verification. Please read the Equifax Workforce Solutions section for more information. 

Consumer Reporting Activity

Certain Equifax affiliates are consumer reporting agencies, as defined under the federal Fair Credit Reporting Act (“FCRA”) and certain similar state laws and regulations. Each of these affiliates comply with the FCRA requirements regarding the collection, use, and sharing of personal data used in consumer reports. 

California Residents

Please note this privacy statement also contains a section devoted to the rights of California residents under the California Consumer Privacy Act of 2018 (“CCPA”): California Residents

BACK TO TOP

Personal Data Collected

Equifax collects the following categories of personal data:

Name and contact information. Your first and last name, email address, postal address, phone number, and other similar contact information.

Identifiers. Government-issued identifiers, such as a social security number or driver's license number, and other state-issued identification numbers, as well as other unique identifiers such as those associated with your device.

Demographic information. Information about you such as your age, gender, country, and preferred language.

Payment information. Information required to process payments directly to Equifax, such as your payment card information including its account number and associated security code. 

Financial information. Information about your financial accounts, such as outstanding balances, bank holdings, loan history, bill payment history, and insurance information. In some cases this includes corresponding account numbers. This information is generally collected in our applicable affiliate’s capacity as a credit reporting agency under the FCRA, and, in those instances, our collection, use, and sharing of this information is regulated by the FCRA. We are also provided with this information when acting as a service provider to financial institutions, in which cases our use of the data is regulated by the Gramm-Leach-Bliley Act (“GLBA”). 

Commercial information. Information regarding products or services you have purchased or considered purchasing, or other purchasing or spending histories or tendencies.

Internet or other similar network activity. Information regarding your browsing history, search history, and information about how you interact with our websites, applications, advertisements, or emails.

Device information. Information about the devices you use to access our websites, applications, or advertisements, such as browser, operating system type, device ID, and IP address. Your IP address may be used to identify the general geographic location of your device. 

Professional or employment-related information. Information regarding your employment status, history, and compensation. This is typically provided by your employer or its payroll provider as a result of Equifax providing a Workforce Solutions service to your employer, or otherwise collected through an Equifax affiliate’s capacity as a credit reporting agency under the FCRA. Please read the Equifax Workforce Solutions section for more information.

Support Information. Information you provide when you contact Equifax for support, such as the content of your communications with Equifax, and the products or services related to your inquiry. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.

Education Information. Information regarding your education history, including degrees earned and student loan financial information.

Inferences drawn from personal data. Profiles or scores developed using your personal data which reflect your preferences, characteristics, or consumer spending profile. 

Public records information. Information about you lawfully made available by federal, state, or local governments. This includes information about legal proceedings in court records and business ownership and affiliation information included in secretaries of state filings. 

BACK TO TOP

Sources of Personal Data

We collect personal data from the following sources:

Directly from you. We collect personal data through our interactions with you, such as when you contact customer support or interact with our social media accounts.  We also collect personal data from you through our products, such as when you register to create an account. Some of this information is collected about your interactions, use, and experience with our products and communications.

Devices and browsers. We collect personal data through browsers and devices that interact with our websites, online services, and mobile applications.

Employers. Companies provide us with personal data about their employees, including prospective and former employees. We usually receive this information as part of providing services to our Workforce Solutions customers. Employment and compensation information is sometimes provided by your employer’s payroll provider on your employer’s behalf. Please read the Equifax Workforce Solutions section for more information. We also receive this information when employers provide or purchase our products as a benefit to their employees.

Financial institutions. We collect personal data from companies that offer financial products or services to consumers, like loans, financial or investment advice, or insurance. This includes banks, mortgage lenders, loan brokers, some financial or investment advisors, insurance companies, and debt collectors.

Consumer credit customers. We collect personal data from businesses you permit to access your consumer credit report information in connection with a transaction between you and the business. For example, this includes retail businesses that offer branded credit cards, car dealerships that arrange or facilitate financing for your car purchase or lease, property managers that evaluate your lease application, utility and telecommunications providers, and third-party businesses that offer you access to the information in your Equifax consumer credit report as part of a product or service. 

Third-party data providers. We purchase personal data from third-party companies that collect and aggregate personal data. Data resellers collect personal data from a variety of sources, including directly from consumers, through devices and browsers, public records, news sources, and from other businesses and data brokers.  

Business customers. Our business customers provide us with personal data when we provide them with our products and services. For example, a business customer may provide us with its customer list so that Equifax can help manage its accounts through our identity resolution services, or provide information to supplement the customer list for marketing purposes. In most instances, Equifax is limited in using the personal data provided by the business customer to provide the product or service requested by the business customer. 

Government agencies and contractors. Federal, state, and local government agencies and contractors provide us with personal data. We receive personal data from government agencies in our role as a service provider for government agencies, when providing compliance solutions for our Workforce Solutions customers, in our affiliates’ role as a consumer reporting agency, and when we receive information used for compliance purposes such as government-maintained sanctions lists. 

Public records. We collect personal data which is sourced from public records made available by federal, state, and local governments. This includes information on real property ownership and sales history, tax assessments, secretary of state filings, court findings, and federally provided sanctions lists.

BACK TO TOP

How We Use Personal Data

Business purposes

We may use or disclose the personal data we collect for one or more of the following business purposes:

  • Provide, improve, and develop our products and services, which includes updating, securing, and troubleshooting, as well as providing support.

  • Personalize our products and services and make recommendations.

  • Advertise and market products and services to you from both affiliated and non-affiliated entities, which includes sending promotional communications, target advertising, and presenting you relevant offers.

  • To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal data in order to dispute information in your consumer report, we may use the information to update your consumer report. 

  • To provide you with email or SMS alerts and other notices concerning our products or services, or events or news, that may be of interest to you.

  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.

  • To improve our websites and present their contents to you.

  • For testing, research, analysis and product development.

  • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

  • For authentication purposes when you access our products or services and to help you recover forgotten passwords. 

Sharing Personal Data

We sometimes share personal data with third parties to carry out the above business purposes, including our affiliates and service providers. We may also share your personal data with third parties to whom you consent to us disclosing your personal data. Prior to sharing personal data with third parties, we enter into a contract that describes the purpose and requires the third party to both keep that personal data confidential and secure and not use it for any purpose except performing the contract.

We also share personal data for the following reasons: 

Disclosure for legal reasons or as necessary to protect Equifax, its affiliates and others.  We may release personal data to third parties: (1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena, court order, or other legal process; (2) in special cases, such as a physical threat to you or others, a threat to homeland security, a threat to our system or network; or (3) cases in which we believe it is reasonably necessary to investigate or prevent harm, fraud, abuse, or illegal conduct.

Changes in our corporate structure.  If all or part of our company is sold or merged, if we make a sale or transfer of assets, or in the unlikely event of a bankruptcy, we may transfer your information, including your personal data, to one or more third parties as part of that transaction.

Commercial Purposes

We use and sell personal data to nonaffiliated third parties for the following commercial purposes: 

Consumer Credit Reporting. Some of our affiliates collect, use, and sell personal data when acting as a consumer reporting agency, as this activity is regulated by the FCRA. Acting as a consumer reporting agency, these affiliates collect personal data about your credit worthiness, credit standing, credit capacity and mode of living from a variety of data furnishers, share this information with credit providers and other entities when they make decisions to extend credit or enter into transactions with you, assist lenders and other creditors with their portfolio management, and use and/or disclose personal data for other permissible purposes under the FCRA, including, but not limited to, insurance underwriting, government benefits, and employment verification, and other uses at the consent of the consumer.

Commercial Credit Reporting. We collect, use, and sell personal data as part of our commercial credit reporting services. These services permit our customers to make informed decisions regarding providing credit to or investing in businesses. Commercial credit reports may contain the names and other personal data of owners, principals, guarantors, or agents of the businesses. 

Workforce Solutions. We collect, use, and sell personal data as part of the Workforce Solutions that we provide to our employer customers. These services enable our customers to provide services and benefits to their employees, and to help manage their workforce in compliance with laws and regulations. Please read the Equifax Workforce Solutions section for more information. 

Marketing Services. We collect, use, and sell personal data as part of our consumer and commercial marketing services. This includes providing customers with personal data of potential customers to inform their marketing efforts, or permitting our customers to enhance their existing marketing lists for accuracy and effectiveness.   

Fraud Detection and Identity Management. We collect, use, and sell personal data as a part of our fraud detection, identity verification, and identity resolution services. These services help us and our customers prevent security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity, as well as more accurately manage the account information of their customers. 

Regulatory Compliance. We collect, use, and sell personal data as part of our regulatory compliance products, which help customers comply with federal, state and local laws and regulations.

Debt Recovery. We collect, use, and sell personal data as part of our debt recovery products. These products help our customers locate consumers for the purposes of collecting debts owed by the consumer. 

BACK TO TOP

Equifax Workforce Solutions

Through its Equifax Workforce Solutions (“EWS”) products, an affiliate of Equifax collects employee personal data from employers and their employees. EWS’s employment verification products use employer-provided information to offer income and employment verification services, which automates the process of employers responding to employment and income verification requests from third parties such as lenders and banks. The collection, use, and sharing of personal data for this purpose is regulated by the FCRA. 

EWS also offers products which allow employers to outsource and automate the performance of certain payroll-related and human resource management business processes, including unemployment claims management, tax credits and incentives, I-9 and W-2 form management services and services which assist with Affordable Care Act compliance. Employers and employees provide employee personal data to Equifax through these EWS products. 

As part of providing EWS services, Equifax and its affiliates agree to only use personal data collected through EWS products for the purpose of providing the EWS services, and not for other purposes such as marketing. This applies to employee personal data provided to Equifax by an employer and personal data provided to Equifax by an employee through interacting with an EWS product. 

In some instances, when permitted by its clients, EWS uses deidentified employee data to perform analytics, modeling and/or demographic studies. This deidentified employee data does not include any information that individually, or collectively, could be used to identify either the employer or individual employees.

BACK TO TOP

Cookies, Web Beacons and Other Technology 

Cookies

We use session and persistent cookie technology. Cookies are text files saved by a device’s browser that stores information. That information is available to us later when the browser returns to one of our websites.

Web Beacons 

Web beacons are small pieces of code placed on webpages, videos, and in emails. They tell us when a person views a web page, opens a video or reads their email. 

Other local storage

We use other kinds of local device storage in connection with the use of our services. These technologies are similar to cookies in that they are stored on devices. Local storage allows us to monitor people’s activities on our services and store their preferences.

Measurement Code

We use code on our websites to estimate financial and other attributes of our visitors. This is done by correlating the IP address of the visitor with a geographic location. We then correlate that with general financial and economic information about people in that location.

Third-party cookies and tracking technology

Our partners use cookies, web beacons, and other technologies for similar purposes. We have agreements with companies, sometimes called "Ad Networks," that serve advertising on behalf of other companies. These Ad Networks may place or recognize a cookie, called a "third party cookie," on a visitor’s computer when they visit a website not affiliated with us that has a contract with them. Ad Networks use cookies to understand web usage patterns of people who see advertisements, to control the sequence of advertisements they see, to provide them with the most relevant advertising, and to make sure they don't see the same ad too many times. Ad Networks may connect information about pages visited on our site with information about pages visited on other sites. They show advertising based on this combined information, including advertising for our products. 

While we do not control Ad Networks or what they do with the information they collect, we only work with companies that have agreed to participate in the Network Advertising Initiative (NAI) and abide by NAI principles, which prohibit members from connecting identifying information to information they collect through cookies without explicit consent. 

Analytics Services 

Our websites, products, and online advertisements often contain web beacons or similar technologies from third-party analytics providers, which help us compile aggregated statistics about the effectiveness of our promotional campaigns or other operations. These analytics providers are able to set or read their own cookies on your device through which they can collect information about your online activities across applications, websites, and other products. To learn more about controlling information provided to these analytics provides, click on the following links: Adobe op-out site, Google Analytics Opt-out Browser Add-on.    

BACK TO TOP

Choices and Control over your Information

In general, choices concerning our collection, use and disclosure of information are limited to those provided by law. For details of choices under the Federal Fair Credit Reporting Act, please see our FCRA Summary of Rights web page. Beyond those choices, individuals may elect to not provide information directly to us. However, in many cases this will limit our ability to provide services. 

Opting out of Promotional or Marketing Email

If you do not wish to receive promotional or marketing offers by email, you may opt out of receiving further promotional offers and emails by clicking on the "unsubscribe" button in the email. In addition, some Equifax products allow you to manage your communications preferences by logging into your account and managing your account profile. For example, you can manage this preference by logging into my.equifax.com and clicking on “My Account.” Note, however, if you are an Equifax customer, you will continue to receive emails from us related to the operation and administration of your account.

Opt out of the Sharing of your Personal Data

You can limit the sharing of your personal data among our affiliates to market to you, the sharing of your personal data with non-affiliates to market to you, and the sharing of personal data regarding your creditworthiness among Equifax affiliates for everyday business purposes. To limit the sharing of your personal data, take any of the below actions: 

  • Visit us online: https://help.equifax.com/s/contactsupport and select “Customer Service”

  • Call 1-866-807-7461 from 8:00 a.m. - 3 a.m., Eastern Time seven days a week—our menu will prompt you through your choice(s)

  • Log in to your my.equifax.com account and manage your sharing preferences in “My Account” 

Online Behavioral Advertising

You can opt out of receiving ads based on your online behavior either by visiting the DAA opt-out page at http://www.aboutads.info/choices/, the Network Advertising Initiative opt-out page http://optout.networkadvertising.org/?c=1, or by clicking on the Ad-Choices icon in or near the ad. If you elect to opt out of online behavioral advertising (OBA), you will still see ads, but they may not be as relevant to you. Please keep in mind that opting out is cookie-based and will only affect the specific computer and browser on which the opt out cookie is applied. If you delete your browser cookies or if you use a different computer or different browser and want to continue to be opted out of interest-based advertising, you will need to opt out again. For more information, please read our Online Behavioral Advertising Notice

You can learn more about online advertising, including OBA or interest-based advertising, on the DAA website at www.aboutads.info/consumers and on the Network Advertising Initiative web site at www.networkadvertising.org/

Do Not Track

Some browsers transmit “do not track” signals to the websites and other online services with which a user communicates. We currently do not take action in response to these signals. 

BACK TO TOP

Security

We are committed to protecting the security of your personal data and use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. However, no data transmission or storage can be guaranteed to be 100% secure.  As a result, while we strive to protect the personal data we maintain, we cannot ensure or warrant the security of any information that you transmit to us. Equifax complies with applicable data protection laws, including security breach notification laws. 

BACK TO TOP

California Residents

The below section supplements our privacy statement to provide California residents with the information needed to exercise their rights under the CCPA.

Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal data from consumers within the last twelve (12) months:

Category Examples Collected

Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

YES

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

YES

Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

YES

Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

Biometric Information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO

Internet or other similar activity

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

YES

Geolocation data

Physical location or movements.

YES

Sensory Data

Audio, electronic, visual, thermal, olfactory, or similar information.

YES

Professional or employment-related data

Current or past job history or performance evaluations.

YES

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

YES

Inferences drawn from other personal information

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

YES

Under the CCPA, personal information does not include:

  • Publicly available information from government records.

  • De-identified or aggregated consumer information.

  • Information excluded from the CCPA's scope, like:

    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;

    • personal information covered by certain sector-specific privacy laws, including the FCRA, the GLBA or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

We obtain the categories of information listed above from the categories of sources listed in the Sources of Personal Data section above. 

Sharing your Personal Information

In the preceding 12 months, we have disclosed the following categories of information for the business purposes described above: 

  • Identifiers

  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

  • Protected classification characteristics under California or federal law.

  • Commercial Information

  • Internet or other similar activity

  • Geolocation data

  • Professional or employment-related data

  • Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

  • Inferences drawn from other personal information

We disclose these categories of personal information for business purposes to the following categories of third parties:

  • Our affiliates

  • Our partners

  • Our service providers and other third parties that cannot use personal information collected by or on behalf of us for their purposes, including but not limited to advertising networks, business process outsourcing providers, internet service providers, data analytics providers, data processors and storage providers, operating systems and platforms, social networks, and consumer data resellers.

  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with the products or services we provide to you

Selling your Personal Information 

In the preceding 12 months, we have sold the below categories of information for the commercial purposes described above. 

  • Identifiers

  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

  • Protected classification characteristics under California or federal law

  • Commercial Information

  • Internet or other similar activity

  • Geolocation data

  • Professional or employment-related data

  • Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

  • Inferences drawn from other personal information

We sell these categories of personal information for commercial purposes to the following categories of third parties:

  • Employers

  • Financial Institutions

  • Consumer credit customers 

  • Fraud detection providers

  • Creditors/collection agencies

  • Business customers, including but not limited to advertising networks, internet service  providers, data analytics providers, operating systems and platforms, social networks, and consumer data resellers.

  • Government agencies and contractors

Rights of California Residents 

Pursuant to the CCPA, California residents have the right to submit the following requests to Equifax. To submit these requests, please visit myprivacy.equifax.com or call our Customer Care team at 1-866-295-6801 (our regular business hours of 8AM-Midnight EST, 7 days a week). Equifax is prohibited from discriminating against in any way in response to your exercise of any of these rights. This means we will not:

  • Deny you goods or services.

  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

  • Provide you a different level or quality of goods or services.

  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

  • Offer a product enhancement or financial incentive that is contingent on you sharing personal information, unless that incentive is reasonably related to the value provided to us by that collection. 

To ensure personal information security and prevent fraudulent requests, we may need to collect personal information and other information such as your name, email, or transaction history to verify your identity. Any authorized agents making requests on your behalf need to provide similar information for verification.

Access

You have a right to request Equifax provide you with the following information, covering the 12 months preceding the date your request is submitted. 

  • The categories and specific pieces of personal information collected about you 

  • The categories of sources of the personal information collected about you 

  • The business or commercial purposes for collecting or selling your personal information

  • The categories of third parties to whom we sold your personal information 

  • The categories of third parties to whom we disclosed your personal information for a business purpose  

Deletion

You have the right to request Equifax to delete the personal information collected from you, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

  • Debug products to identify and repair errors that impair existing intended functionality.

  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).

  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.

  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

  • Comply with a legal obligation.

  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Opt-Out

You have the right to request that Equifax no longer sell your personal information. To exercise that right, please click here: Do Not Sell My Personal Information or call our Customer Care team at 1-866-295-6801 (our regular business hours of 8AM-Midnight EST, 7 days a week).

BACK TO TOP

Changes to this Privacy Statement 

We may change this online privacy statement in the future.  If we make changes to this privacy statement we will post the revised privacy statement and its effective date on this website. 

BACK TO TOP

Contact Us

If you have questions or comments about this privacy statement, please visit our Privacy Contact Form or write to the Chief Privacy Officer, Equifax Inc., 1550 Peachtree Street, NW, Atlanta, GA 30309.  Please reference “Equifax Privacy Statement,” when contacting us about this privacy statement.

BACK TO TOP