Job Applicant Privacy Statement

Last Updated: October 2024

Equifax Inc. and its global subsidiaries (collectively, “Equifax”, ”the Company”, “we”, “us”, “our”) are committed to safeguarding the personal data entrusted to us by all individuals seeking to join the Equifax team.

The purpose of this Job Applicant Privacy Statement (“Statement”) is to communicate how and why we collect, process, store, and protect job applicants’ (“Applicants”) personal data, and the principles and practices we follow in order to comply with applicable privacy and data protection laws and industry best practices.

This Statement applies to all Applicants who apply for roles at Equifax. The Equifax entity you apply to will be the Controller of your personal data, as defined by applicable privacy and data protection laws. Depending on the region in which you reside, portions of this Statement may not be applicable to you. The first part of this Statement applies to all Applicants, with regional requirements applicable to Applicants in certain jurisdictions detailed in specific sections below. For additional information specific to Applicants in:

 

 

Personal Data Collected
How We Use Personal Data
Sharing Your Personal Data
Choices and Control Over Your Information
Your Obligations
Safeguarding your Personal Data and Retention
Children’s Information
Changes to this Privacy Statement
Contact Details of the Data Protection Officer

“Personal data” is any information that relates to an identifiable natural person. Equifax may collect different types of personal data, in accordance with applicable legislation, throughout the application, interview, offer, and onboarding process. The majority of personal data we collect comes directly from you, but we may also obtain some personal data from third parties (e.g., recruitment agencies, background screeners, previous employer(s), employment-focused platforms such as LinkedIn).

Equifax may, in accordance with regional requirements, collect the following categories of personal data:

  • Name and contact information. Your title, first and last name, home address, telephone number, email address, and LinkedIn profile.
  • Identifiers. Government-issued identifiers, such as passport, social security number or driver's license details, and other national, provincial, and state-issued identification numbers.
  • Demographic information*. Date of birth, gender, marital status, country of citizenship, and preferred language, as applicable by region.
  • Special category personal data. Optional information about you such as your race, ethnicity, nationality, veteran/disability status, religious beliefs, sexual orientation, and immigration status. This information is voluntary and failure to provide it does not impact your employment eligibility.
  • Employment information. Your resume/CV or cover letter (including educational background, work history, and references), responses to application questions, and applicable right to work, background, or criminal convictions verification information.
  • Images and videos. Closed Circuit Television (CCTV) footage in respect of your visits to Equifax office locations.
  • Device data and website interactions. Device identifiers such as your Internet Protocol (IP) address, device type, unique device identification numbers, browser type, broad geographic location, performance, and other usage and technical information. We also collect information about how you interact with our websites, for example, referring web pages, pages visited, and features used.

*In Canada, self-identifying your gender and marital status is optional.

BACK TO TOP

Equifax uses the personal data we collect about you for one or more of the following employment-related purposes:

  • Determining eligibility for employment, including verifying qualifications, providing and/or validating references and credit history, and completing background screening, based on regional practices.
  • Meeting legal obligations including, but not limited to, disputes related to our hiring practices, preventing fraud, or complying with applicable laws and regulations.
  • Completing equality and diversity monitoring forms, where applicable.

We will only use your personal data as permitted by law and for the purposes for which we collected it, unless we need to use it for other reasons which are compatible with the original purpose. If we need to use your personal data for an unrelated or new purpose, we will notify you and explain the legal basis which allows us to do so, which may include obtaining your consent. Additionally, if necessary, we may process your personal data without your knowledge or consent in accordance with this Statement and where it is required or permitted by law.

BACK TO TOP

Your personal data is shared within the Equifax group of companies and may be processed outside of the country in which you reside. Additionally, we may disclose the personal data we collect and maintain about you to a third party providing one or more of the services listed below. These third parties may be located outside of the country in which you reside. Equifax has entered into the necessary agreements, both internally and with third parties, to lawfully facilitate the transfer of your personal data outside of the country in which you reside. Because we are a global company, these third parties may vary by region. A full list of third-party providers may be obtained by submitting a request to privacy@equifax.com.

  • Background screening services;
  • Human and social services;
  • Legal support and advice;
  • Recruitment;
  • Security;
  • Software and technology, including our Human Resources Information System (HRIS); and
  • The sale, purchase or transfer of our business, in whole or in part.

 

Special Category Personal Data
Some of the information that Equifax may process about you is known as “special category” personal data and it requires a higher level of protection. Special category personal data may include information about your race, ethnicity, nationality, veteran/disability status, religious beliefs, sexual orientation, or immigration status. We will collect, store, and use special category personal data in limited circumstances.

Where we process special category personal data, we will either have asked for your explicit consent or it will be otherwise necessary:

  • For the purposes of carrying out the obligations and exercising specific rights of Equifax or yourself in connection with employment, social security or social protection law;
  • For the establishment, exercise, or defense of legal claims; or
  • For reasons of substantial public interest.

 

Information About Criminal Convictions
We will only use information relating to criminal convictions:

  • Where the law allows us to do so for determining suitability for employment;
  • it is necessary in relation to legal claims; or
  • Where the information has already been made available to the general public.

BACK TO TOP

By applying for employment at Equifax, you acknowledge that your personal data will be processed as described in this Statement. You have the right to withdraw consent to any processing activities using your personal data for which you have provided consent. However, withdrawing your consent may limit or prevent us from further engaging with you in the application process. To withdraw your consent for the processing of your personal data for a specific purpose, please contact the Data Protection Officer applicable to your region or privacy@equifax.com.

BACK TO TOP

Failure to provide accurate and complete information when requested may result in Equifax’s inability to perform necessary recruitment activities. For example, we may be prevented from complying with our legal obligations, such as verifying your eligibility to work in the country where you are applying. Depending on the nature and importance of the information requested, we may either need to cease the recruitment activity or withdraw an offer of employment or engagement.

BACK TO TOP

Equifax values its Applicants and we protect your personal data for as long as we control it. We protect your personal data by limiting access to authorized personnel to prevent loss, misuse, and unauthorized disclosure, modification, or access. Additionally, we seek to ensure that third parties that we partner with to process your personal data demonstrate equally comparable controls to further ensure the security of your personal data.

We keep personal data only as long as needed to fulfill obligations of the application process, for legal requirements, or other business needs. Upon completion of the application process, we will retain and securely destroy your personal data in accordance with our Global Records Retention Policy. In some circumstances, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such data for internal data studies, analytics, and other legitimate business purposes. Should you join the Equifax team, your personal data will be retained in accordance with our Global Records Retention Policy for employee data.

BACK TO TOP

Except in locations where it is legally permitted and, in these cases, in strict compliance with applicable legal requirements, Equifax employment opportunities are not directed at minors, and we do not knowingly accept or process personal data of persons under the age of eighteen (18) years old. If you learn that your child has provided us with personal data without your consent, you may contact us at privacy@equifax.com. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such information and terminate the minor’s account.

BACK TO TOP

We reserve the right to update this Statement at any time, and we will provide you with a new Statement when we make substantial updates. We may also notify you in other ways from time to time about the processing of your personal data. If you have any questions about this Statement, please contact the Data Protection Officer (DPO) or Chief Privacy Officer applicable to your region or privacy@equifax.com.

 

BACK TO TOP

If you have questions or comments about this Statement, please submit an inquiry through our Privacy Contact Form or write to the Chief Privacy Officer at privacy@equifax.com. Please reference "Job Applicant Privacy Statement," when contacting us about this Statement.

Applicants residing in the US, India, and Central and South America:
Chief Privacy Officer
Equifax Inc., 1550 Peachtree Street, NW, Atlanta, GA 30309.
privacy@equifax.com

Applicants residing in Canada:
Chief Privacy Officer
Adam Higgins
Equifax Canada Co., 5700 Yonge St., Suite 1600, Toronto, ON M2M 4K2.
chief.privacy.officer@equifax.com

Applicants residing in Australia, Brazil, the European Union, New Zealand, and the United Kingdom, please see below.

 

BACK TO TOP

 

Australia

The following section applies to Applicants applying to an Equifax subsidiary located in Australia (collectively, “Equifax Australia”).

Overseas Disclosure and Storage
Where your personal information is disclosed to or used by an overseas recipient, the Privacy Act requires you be advised that the overseas recipient may not be required to protect your personal information in a way that is comparable to the Privacy Act, may be subject to foreign laws that could compel the disclosure of that information to a third party (such as an overseas authority – for example, under legislation to intercept cyber traffic or obstruct terrorism), that you may not be able to seek any redress in that overseas jurisdiction, and that neither the Company nor any Equifax group company will be accountable under the Privacy Act (and you will not be able to seek redress under the Privacy Act) if that occurs.

Countries where Equifax group companies are located and where your personal information may be shared include the United States, Chile, the Philippines, India, Costa Rica, and Ireland. A list of the countries in which Equifax group companies are located can be found on the Company’s website at https://www.equifax.com/about-equifax/company-profile/.

By accepting employment with the Company, you consent to any such disclosure and accept that APP 8.1 will not apply in respect of any such personal information.

Your Right of Access and Correction
You may request access to, or correction of, personal information we hold about you with respect to your potential employment with Equifax Australia. A request to access, or correct, personal information we hold about you with respect to your potential employment with Equifax Australia should be made to privacy@equifax.com.

If you require access to, or a correction of, other personal information held about you by Equifax Australia other than personal information managed by this Statement, you should request access to, or correction of, your personal information through the direct to consumer processes set out in section 5 and 6 of the Australian Privacy Policy. Alternatively, if you require access to, or correction of, Credit Information as defined under the Privacy Act 1988 (Cth), you should request access to, or correction of, your Credit Information through the processes set out in the Australian Credit Reporting Policy.

Your Right to make a Complaint
If you have a dispute about personal information held by Equifax Australia and covered by this Statement, we will investigate and provide you with a formal written response.

We will investigate and deal with your complaint in a fair, efficient and timely manner. You can contact us at privacy@equifax.com.

If you are still not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

How to contact the OAIC:
Online: www.oaic.gov.au
Email: enquiries@oaic.gov.au
Fax: 1300 363 992
Mail: Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001

If you have a complaint regarding the management of your personal information that is outside the scope of this Statement, you should refer to section 6 of the Australian Privacy Policy.

BACK TO TOP

 

Brazil

The following section applies to Applicants applying to an Equifax subsidiary located in Brazil (collectively, “Equifax Brazil”).

Equifax Brazil is responsible for making decisions regarding how we collect, process, store, and protect your personal data. Under Brazilian law, this means that Equifax Brazil is the “Controller” of your personal data. However, Equifax Inc. will also be a Controller of your personal data.

Lawful Basis
Under Brazilian law, all processing activities must have a legal basis, also called “legal hypothesis,” applicable to its purpose. The General Data Protection Law outlines the legal bases we can use, including:

  • To enter into or perform our contract with you;
  • To comply with legal or regulatory obligations, such as labor laws;
  • To regularly exercise our rights in judicial, administrative or arbitration proceedings;
  • For our legitimate interests (or those of a third party), when your interests and fundamental rights do not override those interests; or
  • If we have your explicit consent.

 

Sensitive Personal Data
Equifax Brazil collects sensitive personal data from you, such as health information. This data is collected so we can comply with legal or regulatory obligations, which includes our judicial rights, but also to perform our contract with you. Any other sensitive personal data that is not mentioned above requires your explicit consent for us to collect and use and you can withdraw this consent at any time. We will not use your sensitive personal data for our legitimate interests.

Your rights
You have rights under the General Data Protection Law, including:

  • The right to confirm whether Equifax processes your personal data;
  • The right to access a copy of personal data we maintain about you;
  • The right to correct incomplete, inaccurate or outdated data;
  • The right to request the anonymization, blocking or elimination of unnecessary, excessive or processed personal data that does not comply with the law;
  • The right to data portability, requesting Equifax share your personal data with another service or product provider;
  • The right to request the disposal of personal data processed with your consent;
  • The the right to obtain information about public and private entities to which we shared your personal data;
  • The right to have information about the possibility of not providing consent and the consequences of refusal; and
  • The right to revoke your consent.

It is important that the personal data we hold about you is accurate and current. You have a duty to keep us informed if your personal data changes throughout the application process.

 

Contact Details of the Brazilian Data Protection Officer
If you have questions or comments about this Statement specific to Equifax Brazil, please submit an inquiry by email to bvs_dpo@equifax.com. Please reference "Job Applicant Privacy Statement," when contacting us about this Statement.

BACK TO TOP

 

California Applicants Privacy Statement and Notice at Collection

The below section, as required by the California Consumer Privacy Act of 2020 ("CCPA"), as amended, applies solely to Applicants who reside in the State of California. Any terms defined in the CCPA have the same meaning when used in the below section.
 

Categories of Personal Information Collected
We may collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Applicant or device ("personal information"). In particular, we may have collected the following categories of California Applicant personal information from the following sources within the last twelve (12) months:

Category Examples Sources Collected
Identifiers Including, but not limited to:
  • Name, alias, postal address, email address
  • Unique personal identifier, online identifier, Internet Protocol address
  • Account name
  • Social Security number, driver's license number, passport number
  • Devices and browsers
  • Directly from you
  • Employers
  • Third-party data providers
  • Public records
 Yes
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, an individual's name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, or employment history.

Some personal information included in this category may overlap with other categories.		 Some personal information included in this category may overlap with other categories.

Including, but not limited to:
  • Name, address, telephone number
  • Social Security number, passport number, driver's license or state identification card number
  • Education
  • Employment and employment history
  • Devices and browsers
  • Directly from you
  • Employers
  • Third-party data providers
  • Public records
 Yes
Protected classification characteristics under California or federal law

An individual's age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).		 Including, but not limited to:
  • Age, race, citizenship, marital status, gender, veteran or military status, and ethnicity
  • Devices and browsers
  • Directly from you
  • Employers
  • Third-party data providers
  • Public records
 Yes
Internet or other similar activity Including, but not limited to:
  • Information on a Applicant’s interaction with a website, application, or advertisement
  • Devices and browsers
  • Directly from you
 Yes
Geolocation data Including, but not limited to:
  • Physical location or movements
  • Devices and browsers
  • Directly from you
 Yes
Professional or employment-related data Including, but not limited to:
  • Current or past job history, including employment dates, employer name, and employer information
  • Directly from you
  • Employers
  • Third-party data providers
  • Public records
 Yes
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) Including, but not limited to:
  • Education records including dates of attendance
  • Directly from you
  • Employers
  • Third-party data providers
  • Public records
 Yes
Inferences drawn from other personal information Including, but not limited to:
  • Personal preferences
  • Characteristics
  • Behavior
  • Directly from you
 Yes
Sensitive personal information Some personal information included in this category may overlap with other categories.

Including, but not limited to:
  • Social Security number, driver’s license number, state ID number, or passport number
  • Precise geolocation
  • Racial or ethnic origin, religious or philosophical beliefs
  • Contents of mail, email, or text messages
  • Personal data that reveals a person’s sexual orientation or sex life preferences
  • Devices and browsers
  • Directly from you
  • Employers
  • Third-party data providers
 Yes

 

Purpose and Use of Personal Information Collected
We may use or disclose the personal information we collect and maintain about you for one or more of the following purposes:

 

  • Determining eligibility for employment, including verifying qualifications, providing and/or validating references, and maintaining notes on the same;
  • Completing applicable background checks and on-going periodic background checks, as applicable;
  • Assessing workplace culture purposes; and
  • Complying with applicable laws, including for government disclosures and security clearances.

 

Disclosing your Personal Information
In the preceding 12 months, we may have disclosed the following categories of personal information to third parties for business purposes:

Category May be disclosed for a business purpose to the following categories of third parties:
Identifiers
  • Accounting and taxation support and advice providers;
  • Human and social services providers;
  • Legal support and advice providers;
  • Recruitment services providers;
  • Security providers;
  • Software and technology providers;and
  • Applicant development and recognition service providers.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Accounting and taxation support and advice providers;
  • Human and social services providers;
  • Legal support and advice providers;
  • Recruitment services providers;
  • Security providers;
  • Software and technology providers;and
  • Applicant development and recognition service providers
Protected classification characteristics under California or federal law
  • Accounting and taxation support and advice providers;
  • Human and social services providers;
  • Legal support and advice providers;
  • Recruitment services providers;
  • Security providers;
  • Software and technology providers;and
  • Applicant development and recognition service providers.
Internet or other similar activity
  • Security providers; and
  • Software and technology providers.
Geolocation data
  • Security providers; and
  • Software and technology providers.
Sensory Data
  • Security providers; and
  • Software and technology providers.
Professional or employment-related data
  • Accounting and taxation support and advice providers;
  • Human and social services providers;
  • Legal support and advice providers;
  • Recruitment services providers;
  • Security providers;
  • Software and technology providers;and
  • Applicant development and recognition service providers.
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
  • Equifax does not share this information with third parties
Inferences drawn from other personal information
  • Human and social services providers;
  • Security providers;
  • Software and technology providers;
  • Travel and expense processors; and
  • Applicant development and recognition service providers.
Sensitive personal information
  • Accounting and taxation support and advice providers;
  • Human and social services providers;
  • Legal support and advice providers;
  • Recruitment services providers;
  • Security providers;
  • Software and technology providers;and
  • Applicant development and recognition service providers.

 

Equifax does not sell personal information of its Applicants. Equifax only uses and discloses sensitive personal information of its Applicants as necessary to perform the contract we have entered into with you. Equifax retains personal information of its Applicants in accordance with applicable law.

 

Rights of California Applicant
Applicants residing in the State of California have the right to submit the following privacy rights requests to Equifax:

Know and Access
You have a right to request Equifax provide you with the following information, covering the 12 months preceding the date your request is submitted:

  • The categories and specific pieces of personal information collected about you.
  • The categories of sources of the personal information collected about you.
  • The business or commercial purposes for collecting your personal information.
  • The categories of third parties to whom we disclosed your personal information for a business purpose.

 

Deletion
You have the right to request Equifax delete the personal information collected from you, subject to certain exceptions. Once we receive and confirm your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with Applicant expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

Correct
You have the right to request that Equifax correct inaccurate personal information it maintains about you.

Submit a Privacy Rights Request
Applicants wishing to exercise their right to know and access, delete, or correct their personal information may do so by contacting their Equifax Talent Acquisition Associate or sending a request to privacy@equifax.com. While every attempt will be made to satisfy a Applicant’s request, certain exemptions may apply due to the nature of the Applicant’s relationship with Equifax. If applicable, Equifax may deny a request for a number of reasons, including complying with applicable law and fulfilling contractual obligations.

Right to be Free from Discrimination
Equifax is prohibited from discriminating against in any way in response to your exercise of any of these rights. This means we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  • Offer a product enhancement or financial incentive that is contingent on you sharing personal information, unless that incentive is reasonably related to the value provided to us by that collection.

 

BACK TO TOP

 

New Zealand

The following section applies to Applicants applying to an Equifax subsidiary located in New Zealand (collectively, “Equifax New Zealand”).
 

Overseas Disclosure and Storage
Throughout the application process, the Company (or any other Equifax group company) may collect, use and disclose or otherwise handle your personal information for various human resources, administrative, management and other purposes related to your potential employment, including business-related purposes involving third parties. Where privacy legislation places a restriction on any Equifax group company in relation to your personal information, you consent to the Equifax group company collecting, using, and disclosing your personal information to any other Equifax group company (both inside and outside New Zealand, including the United States), insurers, superannuation administrators, healthcare workers, the Inland Revenue Department and other regulatory bodies, financial and legal advisers, potential purchasers on the sale of a business, law enforcement bodies, and other organizations and entities engaged by an Equifax group company, or with whom an Equifax group company interacts, from time to time as may seem necessary or desirable to that Equifax group company.

Where your personal information is being disclosed to or used by an overseas recipient, the Privacy Act requires you be advised that the overseas recipient may not be required to protect your personal information in a way that is comparable to the Privacy Act.

Countries where Equifax group companies are located and your personal information may be shared include the United States, Chile, the Philippines, India, Costa Rica, and Ireland. A list of the countries in which Equifax group companies are located can be found on the Company’s website at https://www.equifax.com/about-equifax/who-we-are/.

By accepting employment with the Company, you consent to any such disclosure and accept that IPP 11 (1)(c) and IPP 12(1)(a) apply in respect of any such offshore disclosure of personal information.

Your Right of Access and Correction
You may request access to, or correction of, personal information we hold about you with respect to your potential employment with Equifax New Zealand. A request to access, or correct, personal information we hold about you with respect to your potential employment with Equifax New Zealand should be made privacy@equifax.com. If you make a request to Equifax New Zealand for access to, or to correct, your personal information, we will respond to your request for information within 20 working days. We may, in limited circumstances, extend the 20 working day timeframe, but we will tell you why and when we will give you the information.

If you require access to, or a correction of, other personal information held about you by Equifax New Zealand other than personal information managed by this Statement, you should request access to, or correction of, your personal information through the direct to consumer processes set out in the New Zealand Privacy Policy.

Your Right to make a Complaint
If you have a dispute about personal information held by Equifax New Zealand and covered by this Statement, we will investigate and provide you with a formal written response.

We will investigate and deal with your complaint in a fair, efficient and timely manner. You can contact us at privacy@equifax.com.

If you are still not satisfied with our response, you may contact the Office of the Privacy Commissioner (OPC).

How to contact the OPC:
Online: https://privacy.org.nz
Phone: 0800 803 909
Mail: Office of the Privacy Commissioner
PO Box 10 094,
Wellington 6143

BACK TO TOP

 

United Kingdom and European Union Applicants

The following section applies to Applicants applying to an Equifax subsidiary located in the United Kingdom (UK) and the European Union (EU). This section supplements the above with additional information concerning Equifax’s use of your personal data and your rights.
 

Lawful Basis
Under UK and European Law, we are required to always have a so-called “lawful basis” (i.e., reason or justification) for processing your personal data. There are a variety of lawful bases available; however, Equifax’s processing is typically based on one or more of the following lawful bases:

  • We need to use the personal data to enter into or perform our contract with you;
  • We need to comply with a legal obligation;
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
  • We have your explicit consent.

 

The following table provides an overview of the main types of processing activities we perform using your personal data, as well as our lawful basis for doing so.

Purpose of Processing Categories of Personal Data Source (if not the Applicant) Contract Legal Obligation Legitimate Interest Consent
Ensure meaningful equal opportunity and diversity monitoring and reporting
  • Name and contact information
  • Identifiers
  • Employment information
  • Finance information
  • Images and video
  • Recruitment agencies
  • Employment-focused platforms such as LinkedIn
  • Previous employer(s) or referee(s) (as applicable)
     It is in our interests to review applications and hire those most suited to the position  
Employment eligibility
  • Name and contact information
  • Identifiers
  • Employment information
  • Demographic information
  • Recruitment agencies
  • Employment-focused platforms such as LinkedIn
  • Previous employer(s) or referee(s) (as applicable)
   Checking that you are legally entitled to work in the country of which you are employed    
Background screening (not applicable to all countries)
  • Name and contact information
  • Identifiers
  • Employment information
  • Demographic information
  • Background screening provider
  • Previous employer(s) or Referee(s) (as applicable)
 Certain background checks are not legally required, but we request they be undertaken for certain job roles Certain background checks are legally required It is in our legitimate interest to verify the information provided by you on your CV, such as education, qualifications, and employment history  
Processing personal data obtained through CCTV
  • Name and contact information
  • Images and video
  • Building owned CCTV
     Protecting the health and safety (including the identification of individuals on premises in the event of a fire or serious incident) of our Applicants and the prevention and detection of criminal acts  
Processing reference information
  • Name and contact information
  • Employment information
  • Previous employer(s) or referee(s) (as applicable)
     It is in our legitimate interest to verify the information provided by you on your CV, such as education, qualifications, and employment history Where such disclosures are explicitly requested by you
Supporting the restructuring, sale or transfer or all or part of the business
  • Potentially all personal data
     We may be legally required to share some data in the event of a sale, transfer, or merger It is in our legitimate interests to share Applicant data in relation to such restructuring  

 

Special Category Personal Data
Some of the information that Equifax may process about you is known as “special category” personal data and it requires a higher level of protection. Special category personal data includes information about your race, ethnicity, or religious beliefs. We will collect, store, and use special category personal data in limited circumstances.

Under UK and European Law, we are prohibited from processing special categories of personal data unless we can identify a relevant lawful basis which applies. The lawful bases that we rely on for processing your special category data are as follows:

 

  • Where we have sought and obtained your explicit consent;
  • For the purposes of carrying out the obligations and exercising specific rights of Equifax or yourself in connection with employment, social security or social protection law;
  • For the establishment, exercise, or defense of legal claims; or
  • For reasons of substantial public interest.

The following table provides an overview of the main types of processing activities we perform using your special category personal data, as well as our lawful basis for doing so.

 

Purpose of Processing Lawful Basis
Exception
Employment, social security or social protection law Vital Interests Legal claims or judicial acts Substantial public interest Explicit consent
Ensure meaningful equal opportunity and diversity monitoring and reporting
  • Legal obligation
  • Legitimate interests
          
Conducting background checks involving criminal convictions or other special category personal data
  • Contract
  • Consent
  • Legal obligation
  • Legitimate interests
          
Assessing and responding to legal claims
  • Legitimate interests
          
Responding to legally binding requests or orders of the court or other applicable enforcement bodies
  • Legal obligation
          
Responding to non-binding requests or orders of the court or other applicable enforcement bodies
  • Legitimate interests
         Where the other lawful basis does not apply

 

If there are any circumstances where we feel we need to process special category personal data and it is not consistent with these reasons, we will provide you with an updated notification, or seek your explicit consent, if necessary. You should understand that it is not a condition of your contract to agree to any request for consent from Equifax and there will be no consequences where consent is withheld.

 

Retention of Your Personal Data
We will not keep your personal data for longer than is necessary for the purposes for which we are processing it. Typically, applicant-related records are retained for no longer than 12 months for the purpose of defending any legal claims. If you are unsuccessful with your original application but are a strong contender for other roles, it is our normal practice to retain details contained in application forms for a period of 12 months unless you indicate otherwise.

Processing by Other Group Controllers
It may be necessary to share your personal data within the Equifax group of companies and your personal data may therefore be processed and stored outside of the UK and EU. Such group companies include: Equifax Inc., Equifax Commercial Services Limited, Equifax Information Services LLC, Equifax Chile, and Equifax Costa Rica.

As a global company, many of the systems we use to collect, process, and store your personal data may be hosted outside of the country in which you reside or work, including but not limited to, our global human resources information system, which is hosted in the United States.

The table below highlights the key global group companies which will also collect and process your personal data.

Controller What Data is Shared Purpose
Equifax Inc. All application related data stored in Workday, Google Workspace, and integrated systems Hosting systems outside of the UK or EU (e.g., our global human resources information system (Workday)), systems integrated with Workday and Google Workspace
All Group companies Contact details and job-related information (e.g., title) To make contact with you or to understand your job role

 

Your Rights and Obligations
In certain circumstances, you have rights under applicable data protection laws in relation to your personal data that Equifax processes. These include:

 

  • Your right to be informed with clear, transparent, and easily understood information about how Equifax uses your personal data, and your rights. This is why we’re providing you with the information in this Statement.
  • Your right of access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Your right to rectification of your personal data. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Your right to erasure of your personal data. This enables you to ask us to delete or remove personal data, but only where there is no legitimate reason for us continuing to process it. This right is not absolute and only applies in certain circumstances.
  • Your right to object to processing of your personal data. You can object to certain types of processing in certain circumstances (e.g., where we are relying on a legitimate interest (or those of a third party)).
  • Your right to request restriction of the processing of your personal data. This enables you to ask us to suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
  • Your right to data portability. You have the right to obtain a copy of your personal data in a structured, commonly used, and accessible format and, in certain circumstances, to have this information transferred directly to a third party.
  • Your right to withdraw consent to any processing activities using your personal data for which you have previously provided consent.
  • Your right not to be subject to a decision based solely on automated processing.


If you want to review, verify, correct, request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please submit your request via our Data Subject Access Request portal.

To withdraw your consent to the processing of your personal data for a specific purpose, please contact UKDPO@equifax.com. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose(s) for which you provided such consent, unless we have an alternative lawful basis to do so within the scope of the applicable law.

If you are unhappy with how we have processed your personal data, you have a right to lodge a complaint with a Supervisory Authority. We would, however, appreciate the opportunity to respond to your concerns before you approach your local Supervisory Authority, so we ask that you contact your local Data Protection Officer (DPO) first (contact details below). If you remain dissatisfied with the response from the DPO, you may contact the applicable Supervisory Authority:

Contact Details of the Data Protection Officer
As required by law, a DPO has been appointed for overseeing compliance with this Statement and for handling data protection questions. You may contact the respective DPOs using the following contact details:

BACK TO TOP