Equifax Privacy Statement

Last Updated:  September 2024
This privacy statement describes how Equifax Inc. ("Equifax") and its United States affiliates (collectively, "Equifax", "we", "us", "our") collect, use, and share personal data about individuals in the United States. Individuals outside the United States should refer to the privacy statements for their country on our country-specific websites.
 

Employment Data
Please note we restrict the use of personal data collected through our employment-related products, such as I-9, immigration case management, W-2 form management and employment verification. Please read the Equifax Workforce Solutions section for more information. 

Consumer Reporting Activity
Certain Equifax affiliates are consumer reporting agencies, as defined under the federal Fair Credit Reporting Act ("FCRA") and certain similar state laws and regulations. Each of these affiliates comply with the FCRA requirements regarding the collection, use, and sharing of personal data used in consumer reports.

California Residents
Please note this privacy statement also contains a California Residents Privacy Statement and Notice at Collection section devoted to the rights of California residents under the California Consumer Privacy Act of 2018, as amended ("CCPA"): California Residents Privacy Statement and Notice at Collection.

Anchor Text

Equifax collects the following categories of personal data:

Name and contact information. Your first and last name, email address, postal address, phone number, and other similar contact information.

Identifiers. Government-issued identifiers, such as a social security number, individual taxpayer identification number, passport number, or driver's license number, and other state-issued identification numbers, as well as other unique identifiers such as those associated with your device.

Demographic information. Information about you such as your age, gender, country of origin, and preferred language.

Payment information. Information required to process payments directly to Equifax, such as your payment card information including its account number and associated security code.

Financial information. Information about your financial accounts, such as outstanding balances, bank holdings, loan history, bill payment history, rental payment history, bank account activity, and insurance information. In some cases this includes corresponding account numbers. This information is generally collected in our applicable affiliate's capacity as a credit reporting agency under the FCRA, and, in those instances, our collection, use, and sharing of this information is regulated by the FCRA. We are also provided with this information when acting as a service provider to financial institutions, in which cases our use of the data is regulated by the Gramm-Leach-Bliley Act ("GLBA").

Commercial information. Information regarding products or services you have purchased or considered purchasing, or other purchasing or spending histories or tendencies.

Internet or other similar network activity. Information regarding your browsing history, search history, and information about how you interact with our websites, applications, advertisements, or emails.

Device information. Information about the devices you use to access our websites, applications, or advertisements, such as browser, operating system type, device ID, and IP address. Your IP address may be used to identify the general geographic location of your device.

Professional or employment-related information. Information regarding your employment status, history, and compensation. This is typically provided by your employer or its payroll provider as a result of Equifax providing a Workforce Solutions service to your employer, or otherwise collected through an Equifax affiliate's capacity as a credit reporting agency under the FCRA. Please read the Equifax Workforce Solutions section for more information.

Support information. Information you provide when you contact Equifax for support, such as the content of your communications with Equifax, and the products or services related to your inquiry. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.

Education information. Information regarding your education history, including degrees earned and student loan financial information.

Inferences drawn from personal data. Profiles or scores developed using your personal data which reflect your preferences, characteristics, or consumer spending profile.

Public records information. Information about you lawfully made available by federal, state, or local governments. This includes information about legal proceedings in court records, incarceration records, and business ownership and affiliation information included in secretaries of state filings.

Photos. For authentication purposes, in some circumstances we may request copies of your photo identification. Equifax also offers a product that allows you to verify your identity by submitting photos of yourself and your identification. Information collected and generated through this product is stored in accordance with our Notice of Collection, Storage, Use, and Destruction of Biometric Information.

We collect personal data from the following sources:

Directly from you. We collect personal data through our interactions with you, such as when you contact customer support or interact with our social media accounts. We also collect personal data from you through our products, such as when you register to create an account. Some of this information is collected about your interactions, use, and experience with our products and communications.

Devices and browsers. We collect personal data through browsers and devices that interact with our websites, online services, and mobile applications.

Employers. Companies provide us with personal data about their employees, including prospective and former employees. We usually receive this information as part of providing services to our Workforce Solutions customers. Employment and compensation information is sometimes provided by your employer's payroll provider on your employer's behalf. Please read the Equifax Workforce Solutions section for more information. We also receive this information when employers provide or purchase our products as a benefit to their employees.

Financial institutions. We collect personal data from companies that offer financial products or services to consumers, like loans, financial or investment advice, or insurance. This includes banks, mortgage lenders, loan brokers, some financial or investment advisors, insurance companies, and debt collectors.

Consumer credit customers. We collect personal data from businesses you permit to access your consumer credit report information in connection with a transaction between you and the business. For example, this includes retail businesses that offer branded credit cards, car dealerships that arrange or facilitate financing for your car purchase or lease, property managers that evaluate your lease application, utility and telecommunications providers, and third-party businesses that offer you access to the information in your Equifax consumer credit report as part of a product or service.

Third-party data providers. We purchase personal data from third-party companies that collect and aggregate personal data. Data resellers collect personal data from a variety of sources, including directly from consumers, through devices and browsers, public records, news sources, and from other businesses and data brokers.

Business customers. Our business customers provide us with personal data when we provide them with our products and services. For example, a business customer may provide us with its customer list so that Equifax can help manage its accounts through our identity resolution services, or provide information to supplement the customer list for marketing purposes. In most instances, Equifax is limited in using the personal data provided by the business customer to provide the product or service requested by the business customer.

Government agencies and contractors. Federal, state, and local government agencies and contractors provide us with personal data. We receive personal data from government agencies in our role as a service provider for government agencies, when providing compliance solutions for our Workforce Solutions customers, in our affiliates' role as a consumer reporting agency, and when we receive information used for compliance purposes such as government-maintained sanctions lists.

Public records. We collect personal data which is sourced from public records made available by federal, state, and local governments. This includes information on real property title, lien, ownership and sales history, tax assessments, secretary of state filings, court filings, and federally provided sanctions lists.

Business Purposes

We may use, process, or disclose the personal data we collect for one or more of the following business purposes:

  • Product development. Provide, improve, and develop our products and services, which includes updating, securing, and troubleshooting, as well as providing support.

  • Personalization. Personalize our products and services and make recommendations.

  • Marketing offers. Advertise and market products and services to you from both affiliated and non-affiliated entities, which includes sending promotional communications, target advertising, and presenting you relevant offers.

  • Service delivery. To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal data in order to dispute information in your consumer report, we may use the information to update your consumer report.

  • Communications. To provide you with email or SMS alerts and other notices concerning our products or services, or events or news, that may be of interest to you.

  • Contractual obligations. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.

  • User Experience. To improve our websites and present their contents to you.

  • Analysis. For testing, research, analysis and product development.

  • Security. To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

  • Authentication. For authentication purposes when you access our products or services and to help you recover forgotten passwords. 

 

Sharing Personal Data

We sometimes share personal data with third parties to carry out the above business purposes, including our affiliates and service providers. We may also share your personal data with third parties to whom you consent to us disclosing your personal data. Prior to sharing personal data with these third parties, we review the services performed by each third party and require that the third party both keep personal data confidential and secure and not use it for any purpose except performing the services. The categories of third parties we may share your personal data with for a business purpose include:

  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks

 

We do not share personal data collected through mobile phones for authentication purposes with third-party affiliates for marketing purposes. Personal data collected through our websites is not sold or used for targeted advertising. Personal data collected for one of the above referenced business purposes is not sold or used for profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

We also share personal data for the following reasons:

Disclosure for legal reasons or as necessary to protect Equifax, its affiliates and others. We may release personal data to third parties: (1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena, court order, or other legal process; (2) in special cases, such as a physical threat to you or others, a threat to homeland security, a threat to our system or network; or (3) cases in which we believe it is reasonably necessary to investigate or prevent harm, fraud, abuse, or illegal conduct.

Changes in our corporate structure. If all or part of our company is sold or merged, if we make a sale or transfer of assets, or in the unlikely event of a bankruptcy, we may transfer your information, including your personal data, to one or more third parties as part of that transaction.

 

Commercial Purposes

We use and sell personal data to nonaffiliated third parties for the following commercial purposes:

Consumer credit reporting. Some of our affiliates collect, use, and sell personal data when acting as a consumer reporting agency, as this activity is regulated by the FCRA. Acting as a consumer reporting agency, these affiliates collect personal data about your creditworthiness, credit standing, credit capacity and mode of living from a variety of data furnishers, share this information with credit providers and other entities when they make decisions to extend credit or enter into transactions with you, assist lenders and other creditors with their portfolio management, and use and/or disclose personal data for other permissible purposes under the FCRA, including, but not limited to, insurance underwriting, government benefits, and employment verification, and other uses at the consent of the consumer.

Commercial credit reporting. We collect, use, and sell personal data as part of our commercial credit reporting services. These services permit our customers to make informed decisions regarding providing credit to or investing in businesses. Commercial credit reports may contain the names and other personal data of owners, principals, guarantors, or agents of the businesses.

Workforce Solutions. We collect, use, and sell personal data as part of the Workforce Solutions that we provide to our employer customers. These services enable our customers to provide services and benefits to their employees, and to help manage their workforce in compliance with laws and regulations. Please read the Equifax Workforce Solutions section for more information.

Marketing services. We collect, use, and sell personal data as part of our consumer and commercial marketing services. This includes providing customers, including digital advertisers, with personal data of potential customers to inform their marketing efforts, or permitting our customers to enhance their existing marketing lists for accuracy and effectiveness.

Fraud detection and identity management. We collect, use, and sell personal data as a part of our fraud detection, identity verification, and identity resolution services. These services help us and our customers prevent security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity, as well as more accurately manage the account information of their customers.

Regulatory compliance. We collect, use, and sell personal data as part of our regulatory compliance products, which help customers comply with federal, state and local laws and regulations.

Debt recovery. We collect, use, and sell personal data as part of our debt recovery products. These products help our customers locate consumers for the purposes of collecting debts owed by the consumer.

 

BACK TO TOP

We may use, disclose, sell, and share the following categories of personal data for the associated business and commercial purposes:

 

Category Business Purpose Commercial Purpose
Name and contact information
  • Product development
  • Marketing offers
  • Service delivery
  • Communications
  • Contractual obligations
  • Security
  • Authentication
  • Consumer credit reporting
  • Commercial credit reporting
  • Workforce Solutions
  • Marketing services
  • Fraud detection and identity management
  • Regulatory compliance
  • Debt recovery
Identifiers
  • Product development
  • Service delivery
  • Security
  • Analysis
  • Authentication
  • Consumer credit reporting
  • Commercial credit reporting
  • Workforce Solutions
  • Marketing services
  • Fraud detection and identity management
  • Regulatory compliance
  • Debt recovery
Demographic information
  • Product development
  • Security
  • Analysis
  • Authentication
  • Consumer credit reporting
  • Commercial credit reporting
  • Workforce Solutions
  • Marketing services
  • Fraud detection and identity management
  • Regulatory compliance
  • Debt recovery
Payment information
  • Service delivery
  • Contractual obligations
  • Authentication
  • Fraud detection and identity management
Financial information
  • Product development
  • Service delivery
  • Analysis
  • Consumer credit reporting
  • Commercial credit reporting
  • Workforce Solutions
Commercial information
  • Product development
  • Personalization
  • Marketing offers
  • Service delivery
  • Contractual obligations
  • Analysis
  • Authentication
  • Consumer credit reporting
  • Commercial credit reporting
  • Marketing services
  • Fraud detection and identity management
  • Regulatory compliance
  • Debt recovery
Internet or other similar network activity
  • Product development
  • Personalization
  • Marketing offers
  • Service delivery
  • User experience
  • Analysis
  • Authentication
  • Consumer credit reporting
  • Commercial credit reporting
  • Workforce Solutions
  • Marketing services
  • Fraud detection and identity management
  • Regulatory compliance
  • Debt recovery
Device information
  • Product development
  • Personalization
  • Marketing offers
  • Service delivery
  • User experience
  • Analysis
  • Security
  • Authentication
  • Fraud detection and identity management
Professional or employment-related information
  • Product development
  • Service delivery
  • Consumer credit reporting
  • Commercial credit reporting
  • Workforce Solutions
  • Marketing services
  • Fraud detection and identity management
  • Regulatory compliance
  • Debt recovery
Support information
  • Product development
  • Personalization
  • Marketing offers
  • Service delivery
  • Communications
  • Contractual obligations
  • Analysis
  • Fraud detection and identity management
Education information
  • Product development
  • Service delivery
  • Consumer credit reporting
  • Commercial credit reporting
  • Workforce Solutions
  • Marketing services
  • Fraud detection and identity management
  • Regulatory compliance
  • Debt recovery
Inferences drawn from personal data
  • Product development
  • Personalization
  • Marketing offers
  • Service delivery
  • Analysis
  • Consumer credit reporting
  • Commercial credit reporting
  • Marketing services
  • Fraud detection and identity management
  • Regulatory compliance
  • Debt recovery
Public records information
  • Product development
  • Service delivery
  • Consumer credit reporting
  • Commercial credit reporting
  • Workforce Solutions
  • Marketing services
  • Fraud detection and identity management
  • Regulatory compliance
  • Debt recovery
Photos
  • Service delivery
  • Authentication
  • Fraud detection and identity management

We do not “sell” personal information of consumers under the age of 16 years old, as defined in applicable privacy laws.

The entity maintaining this website is a data broker under Texas law. To conduct business in Texas, a data broker must register with the Texas Secretary of State (Texas SOS). Information about data broker registrants is available on the Texas SOS website.

In cases where we have data that cannot be reasonably linked to, or used to infer information about you (i.e., de-identified data), we are committed to maintaining and using the information in a de-identified form and not attempting to re-identify the information, except in an effort to confirm the efficacy of the de-identification process.

BACK TO TOP

Through its Equifax Workforce Solutions ("EWS") products, an affiliate of Equifax collects employee personal data from employers and their employees. EWS's employment verification products use employer-provided information to offer income and employment verification services, which automates the process of employers responding to employment and income verification requests from third parties such as lenders and banks. The collection, use, and sharing of personal data for this purpose is regulated by the FCRA.

EWS also offers products which allow employers to outsource and automate the performance of certain payroll-related and human resource management business processes, including unemployment claims management, tax credits and incentives, I-9 and W-2 form management services, immigration case management, and services which assist with Affordable Care Act compliance. Employers and employees provide employee personal data to Equifax through these EWS products.

As part of providing EWS services, Equifax and its affiliates agree to only use personal data collected through EWS products for the purpose of providing the EWS services, and not for other purposes such as marketing. This applies to employee personal data provided to Equifax by an employer and personal data provided to Equifax by an employee through interacting with an EWS product.

In some instances, when permitted by its clients, EWS uses deidentified employee data to perform analytics, modeling and/or demographic studies. This deidentified employee data does not include any information that individually, or collectively, could be used to identify either the employer or individual employees.

BACK TO TOP

Equifax Information Services LLC partners with Mitek Systems Inc., Private Identity LLC, and Acuant Inc. to offer products through which Equifax, other businesses, and government agencies allow you to verify your identity by submitting photos of yourself and your photo identification. If you utilize one of these products, Equifax Information Services LLC, its partners Mitek Systems Inc., Private Identity LLC, Acuant Inc., and the other business or government agency with which you initiate the transaction (the "Parties"), may collect, capture, transmit, store, maintain, use, and otherwise process information about face geometry and related biometric information derived from the photos and other information (including information from your driver's license/passport) that you submit to us for the purpose of providing identity-verification services.

The Parties may use this information from the time of your submission of the information to us, and for the duration of the period that we need to retain the information for identity-verification purposes. We will promptly destroy all biometric information after the completion of our verification process, in no case longer than 13 months after your submission of the information to us.

When you consent to the collection and use of this information, you acknowledge and agree that the Parties may share biometric information with other service providers for use in the verification services. Otherwise, we will not disclose face geometry or other biometric information to third parties without first obtaining additional consent.

Your consent to this Notice of Collection, Storage, use and Destruction of Biometric Information prior to submitting the photos signifies your written release to us to collect, store, use, and eventually destroy the face geometry and other biometric information that we may derive from the information that you submit to us.;

BACK TO TOP

Cookies

We use session and persistent cookie technology. Cookies are text files saved by a device's browser that stores information. That information is available to us later when the browser returns to one of our websites.

 

Web Beacons

We use web beacons to tell us when a person views a web page, opens a video or reads their email. Web beacons are small pieces of code placed on webpages, videos, and in emails.

 

Other Local Storage

We use other kinds of local device storage in connection with the use of our services. These technologies are similar to cookies in that they are stored on devices. Local storage allows us to monitor people's activities on our services and store their preferences.

 

Measurement Code

We use code on our websites to estimate financial and other attributes of our visitors. This is done by correlating the IP address of the visitor with a geographic location. We then correlate that with general financial and economic information about people in that location.

 

Third-party Cookies and Tracking Technology

Our partners use cookies, web beacons, and other technologies for similar purposes. We have agreements with companies, sometimes called "Ad Networks," that serve advertising on behalf of other companies. These Ad Networks may place or recognize a cookie, called a "third party cookie," on a visitor's computer when they visit a website not affiliated with us that has a contract with them. Ad Networks use cookies to understand web usage patterns of people who see advertisements, to control the sequence of advertisements they see, to provide them with the most relevant advertising, and to make sure they don't see the same ad too many times. Ad Networks may connect information about pages visited on our site with information about pages visited on other sites. They show advertising based on this combined information, including advertising for our products.

While we do not control Ad Networks or what they do with the information they collect, we only work with companies that have agreed to participate in the Network Advertising Initiative (NAI), the Digital Advertising Alliance (DAA), and/or the Interactive Advertising Bureau (IAB), and abide by the associated principles.

 

Analytics Services

Our websites, products, and online advertisements often contain web beacons or similar technologies from third-party analytics providers, which help us compile aggregated statistics about the effectiveness of our promotional campaigns or other operations. These analytics providers are able to set or read their own cookies on your device through which they can collect information about your online activities across applications, websites, and other products. To learn more about controlling information provided to these analytics providers, click on the following links: Adobe opt-out siteGoogle Analytics Opt-out Browser Add-on

BACK TO TOP

In general, choices concerning our collection, use and disclosure of information are limited to those provided by law. For details of choices under the Federal Fair Credit Reporting Act, please see our FCRA Summary of Rights web page. Beyond those choices, individuals may elect to not provide information directly to us. However, in many cases this will limit our ability to provide services.

 

Opting out of Promotional or Marketing Email

If you do not wish to receive promotional or marketing offers by email, you may opt out of receiving further promotional offers and emails by clicking on the "unsubscribe" button in the email. In addition, some Equifax products allow you to manage your communications preferences by logging into your account and managing your account profile. For example, you can manage this preference by logging into my.equifax.com and clicking on "My Account." Note, however, if you are an Equifax customer, you will continue to receive emails from us related to the operation and administration of your account.

 

Opt out of the Sharing of your Personal Data

You can limit the sharing of your personal data among our affiliates to market to you, the sharing of your personal data with non-affiliates to market to you (other than sharing as part of a joint marketing agreement), and the sharing of personal data regarding your creditworthiness among Equifax affiliates for everyday business purposes. To limit the sharing of your personal data, take any of the below actions:

  • Visit us online: https://www.equifax.com/personal/credit-report-services/.

  • Call 1-866-807-7461 from 8:00 a.m. - 3 a.m., Eastern Time seven days a week—our menu will prompt you through your choice(s).

  • Log in to your my.equifax.com account and manage your sharing preferences in "My Account."

 

Online Behavioral Advertising

You can opt out of receiving ads based on your online behavior either by visiting the DAA opt-out page at http://www.aboutads.info/choices/, the Network Advertising Initiative opt-out page http://optout.networkadvertising.org/?c=1, or by clicking on the Ad-Choices icon in or near the ad. If you elect to opt out of online behavioral advertising (OBA), you will still see ads, but they may not be as relevant to you. Please keep in mind that opting out is cookie-based and will only affect the specific computer and browser on which the opt out cookie is applied. If you delete your browser cookies or if you use a different computer or different browser and want to continue to be opted out of interest-based advertising, you will need to opt out again. For more information, please read our Online Behavioral Advertising Notice

You can learn more about online advertising, including OBA or interest-based advertising, on the DAA website at www.aboutads.info/consumers and on the Network Advertising Initiative web site at www.networkadvertising.org/

 

Do Not Track

Some browsers transmit "do not track" signals to the websites and other online services with which a user communicates. We currently do not take action in response to these signals

 

BACK TO TOP

We are committed to protecting the security of your personal data and use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. However, no data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the personal data we maintain, we cannot ensure or warrant the security of any information that you transmit to us. Equifax complies with applicable data protection laws, including security breach notification laws.

 

BACK TO TOP

The below section, as required by the California Consumer Privacy Act of 2018 ("CCPA") and its successor, the California Privacy Rights Act of 2020 (“CPRA”), supplements the information contained in the Equifax Privacy Statement and applies solely to visitors, users, and others who reside in the State of California. Any terms defined in the CPRA have the same meaning when used in the below section. To exercise your right to opt-out of the sale of your personal information, or to limit the use and disclosure of your sensitive personal information, you may click here: Your Privacy Choices or call our Customer Care team at the number listed below.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). In particular, we have collected the following categories of California consumer personal information from the following sources within the last twelve (12) months:

Category Examples Sources Collected
Identifiers Including, but not limited to:
  • Name, alias, postal address, email address
  • Unique personal identifier, online identifier, Internet Protocol address
  • Account name
  • Social Security number, driver's license number, passport number
  • Directly from you
  • Devices and browsers
  • Employers
  • Financial institutions
  • Consumer credit customers
  • Third-party data providers
  • Business customers
  • Government agencies and contractors
  • Public records
YES
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, an individual’s name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.

Some personal information included in this category may overlap with other categories. Including, but not limited to:

  • Name, address, telephone number
  • Social Security number, passport number, driver's license or state identification card number
  • Education
  • Employment and employment history
  • Bank account number, credit card number, debit card number, or any other financial information
  • Directly from you
  • Devices and browsers
  • Employers
  • Financial institutions
  • Consumer credit customers
  • Third-party data providers
  • Business customers
  • Government agencies and contractors
  • Public records
YES
Protected classification characteristics under California or federal law

An individual’s age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Including, but not limited to:

  • Age, race, citizenship, marital status, gender, veteran or military status, and ethnicity
  • Directly from you
  • Devices and browsers
  • Employers
  • Financial institutions
  • Consumer credit customers
  • Third-party data providers
  • Business customers
  • Government agencies and contractors
  • Public records
YES
Commercial Information Including, but not limited to:
  • Records of personal property
  • Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
  • Directly from you
  • Devices and browsers
  • Employers
  • Financial institutions
  • Consumer credit customers
  • Third-party data providers
  • Business customers
  • Government agencies and contractors
  • Public records
YES
Biometric Information Including, but not limited to:
  • Copies of photo identification for authentication purposes
  • Call recordings from customer service calls for quality assurance purposes

We also collect biometric information through an identity-verification product, as explained in our Notice of Collection, Storage, Use, and Destruction of Biometric Information.

  • Directly from you
YES
Internet or other similar activity Including, but not limited to:
  • Browsing history
  • Search history
  • Information on a consumer's interaction with a website, application, or advertisement.
  • Directly from you
  • Devices and browsers
  • Third-party data providers
YES
Geolocation data Including, but not limited to:
  • Physical location or movements
  • Directly from you
  • Devices and browsers
  • Employers
  • Financial institutions
  • Consumer credit customers
  • Third-party data providers
  • Business customers
  • Government agencies and contractors
  • Public records
YES
Sensory Data

Including, but not limited to:

  • Audio and electronic recording from customer service calls
  • Directly from you
YES

Professional or employment-related data

Including, but not limited to:

  • Current or past job history, including employment dates, employer name, and employer information
  • Directly from you
  • Devices and browsers
  • Employers
  • Financial institutions
  • Consumer credit customers
  • Third-party data providers
  • Business customers
  • Government agencies and contractors
  • Public records
YES

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

Including, but not limited to:

  • Education records including dates of attendance
  • Directly from you
  • Devices and browsers
  • Employers
  • Financial institutions
  • Consumer credit customers
  • Third-party data providers
  • Business customers
  • Government agencies and contractors
YES
Inferences drawn from other personal information

Including, but not limited to:

  • Personal preferences
  • Characteristics
  • Behavior
  • Directly from you
  • Devices and browsers
  • Employers
  • Financial institutions
  • Consumer credit customers
  • Third-party data providers
  • Business customers
  • Government agencies and contractors
  • Public records
YES
Sensitive Personal Information

Including, but not limited to:

  • Social Security number, driver’s license number, state ID number, or passport number
  • Financial account information
  • Precise geolocation
  • Racial or ethnic origin, religious or philosophical beliefs
  • Contents of mail, email, or text messages
  • Biometric data
  • Medical or health data
  • Personal data that reveals a person’s sexual orientation or sex life preferences
  • Directly from you
  • Devices and browsers
  • Employers
  • Financial institutions
  • Consumer credit customers
  • Third-party data providers
  • Business customers
  • Government agencies and contractors
  • Public records
YES

Equifax retains the personal information, including sensitive personal information, it collects about consumers for only as long as it is required to provide consumers with goods or services they request and in accordance with applicable law.

 

Purpose and Use of Personal Information Collected
We may use or disclose the personal information we collect for one or more of the following business purposes:

  • Provide, improve, and develop our products and services, which includes updating, securing, and troubleshooting, as well as providing support.
  • Personalize our products and services and make recommendations.
  • Advertise and market products and services to you from both affiliated and non-affiliated entities, which includes sending promotional communications, target advertising, and presenting you relevant offers.
  • To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in order to dispute information in your consumer report, we may use the information to update your consumer report.
  • To provide you with email or SMS alerts and other notices concerning our products or services, or events or news, that may be of interest to you.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  • To improve our websites and present their contents to you.
  • For testing, research, analysis and product development.
  • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • For authentication purposes when you access our products or services and to help you recover forgotten passwords.
  • Disclosure for legal reasons or as necessary to protect Equifax, its affiliates and others.
  • Changes in our corporate structure.


Disclosing your Personal Information
In the preceding 12 months, we have disclosed the following categories of personal information to third parties for business purposes:

Category May be disclosed for a business purpose to the following categories of third parties:
Identifiers
  • Advertising networks
  • Business process outsourcing providers
  • Creditors/collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers
  • Data processors and storage providers
  • Equifax group companies in the United States
  • Financial Institutions
  • Government agencies and contractors
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Parties to litigation
  • Retail merchants
  • Social networks
  • Utility providers
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Advertising networks
  • Business process outsourcing providers
  • Creditors/collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers
  • Data processors and storage providers
  • Equifax group companies in the United States
  • Financial Institutions
  • Government agencies and contractors
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Parties to litigation
  • Retail merchants
  • Social networks
  • Utility providers
Protected classification characteristics under California or federal law
  • Advertising networks
  • Business process outsourcing providers
  • Creditors/collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers
  • Data processors and storage providers
  • Equifax group companies in the United States
  • Financial Institutions
  • Government agencies and contractors
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Parties to litigation
  • Retail merchants
  • Social networks
  • Utility providers
Commercial Information
  • Advertising networks
  • Business process outsourcing providers
  • Creditors/collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers
  • Data processors and storage providers
  • Equifax group companies in the United States
  • Financial Institutions
  • Government agencies and contractors
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Parties to litigation
  • Retail merchants
  • Social networks
  • Utility providers
Biometric Information
  • Identity verification companies
Internet or other similar activity
  • Advertising networks
  • Business process outsourcing providers
  • Creditors/collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers
  • Data processors and storage providers
  • Equifax group companies in the United States
  • Financial Institutions
  • Government agencies and contractors
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Parties to litigation
  • Retail merchants
  • Social networks
  • Utility providers
Geolocation data
  • Advertising networks
  • Business process outsourcing providers
  • Creditors/collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers
  • Data processors and storage providers
  • Equifax group companies in the United States
  • Financial Institutions
  • Government agencies and contractors
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Parties to litigation
  • Retail merchants
  • Social networks
  • Utility providers
Sensory Data
  • Business process outsourcing providers
  • Equifax companies
Professional or employment-related data
  • Advertising networks
  • Business process outsourcing providers
  • Creditors/collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers
  • Data processors and storage providers
  • Equifax group companies in the United States
  • Financial Institutions
  • Government agencies and contractors
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Parties to litigation
  • Retail merchants
  • Social networks
  • Utility providers
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
  • Advertising networks
  • Business process outsourcing providers
  • Creditors/collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers
  • Data processors and storage providers
  • Equifax group companies in the United States
  • Financial Institutions
  • Government agencies and contractors
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Parties to litigation
  • Retail merchants
  • Social networks
  • Utility providers
Inferences drawn from other personal information
  • Advertising networks
  • Business process outsourcing providers
  • Creditors/collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers
  • Data processors and storage providers
  • Equifax group companies in the United States
  • Financial Institutions
  • Government agencies and contractors
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Parties to litigation
  • Retail merchants
  • Social networks
  • Utility providers
Sensitive Personal Information
  • Advertising networks
  • Business process outsourcing providers
  • Creditors/collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers
  • Data processors and storage providers
  • Equifax group companies in the United States
  • Financial Institutions
  • Government agencies and contractors
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Parties to litigation
  • Retail merchants
  • Social networks
  • Utility providers


Selling or Sharing your Personal Information
In the preceding 12 months, we may have sold or shared the below categories of personal information for commercial purposes:

Category May be sold to the following categories of third parties:
Identifiers
  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks
Protected classification characteristics under California or federal law
  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks
Commercial Information
  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks
Biometric Information
  • We do not sell Biometric Information
Internet or other similar activity
  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks
Geolocation data
  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks
Sensory Data
  • We do not sell Sensory Data
Professional or employment-related data
  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks
Inferences drawn from other personal information
  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks
Sensitive Personal Information
  • Advertising networks
  • Consumer credit customers
  • Consumer data resellers
  • Creditors/collection agencies
  • Data analytics providers
  • Data brokers
  • Employers
  • Financial Institutions
  • Fraud detection providers
  • Government agencies and contractors
  • Internet service providers
  • Operating systems and platforms
  • Social networks

We do not “sell” personal information of consumers under the age of 16 years old, as defined in applicable privacy laws.

 

Rights of California Residents

California residents have the right to submit the following privacy rights requests to Equifax.

Know and Access

You have a right to make a verifiable request to Equifax to provide you with the following information, covering the 12 months preceding the date your request is submitted.

  • The categories and specific pieces of personal information collected, sold, or shared about you.
  • The categories of sources of the personal information collected about you.
  • The business or commercial purposes for collecting, selling, or sharing your personal information.
  • The categories of third parties to whom we disclosed, sold  or shared your personal information.
  • The categories of personal information we disclosed, sold or shared about you for a business purpose.

 

Correction

You have the right to make a verifiable request to Equifax to correct inaccurate personal information collected from you, subject to certain exceptions. Once we receive and confirm your verifiable request, we will correct (and direct our service providers to correct) your inaccurate personal information in our records. Equifax has chosen to delete inaccurate personal information from its systems and applications in lieu of correcting inaccurate personal information.

Deletion

You have the right to make a verifiable request to Equifax to delete the personal information collected from you, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

Opt-Out

You have the right to request that Equifax no longer sell or share your personal information.

Limit the Use and Disclosure of Sensitive Personal Information
You have the right to request that Equifax limit the use and disclosure of any sensitive personal information we collected from you to only the use or disclosure reasonably necessary to perform the requested service, subject to certain exceptions.

We may deny your limit use and disclosure of sensitive personal information request if the information is necessary for us or our service providers to:

  • Complete the service the information was intended for.
  • If the sensitive personal information that is collected or processed is not intended for the purpose of inferring characteristics about you.

 

Submit a Verifiable Request, Opt-Out of Sale Request, or Limit Use and Disclosure Request

To make a verifiable consumer request, opt-out of sale request, limit use and disclosure request, visit myPrivacy or call our Customer Care team at 1-866-295-6801 (our regular business hours of 9 A.M. - 9 P.M. ET Monday to Friday, and 9 A.M. to 6 P.M. ET Saturday and Sunday, excluding holidays). To exercise your right to opt-out of the sale of your personal information, or to limit the use and disclosure of your sensitive personal information, you may click here: Your Privacy Choices or call our Customer Care team at the number listed above.

To ensure the security of personal information and prevent fraudulent requests, we may need to collect personal information and other information such as your name, address, or email to verify your identity.

Authorized Agent

If a consumer is using an authorized agent to make privacy rights requests on the consumer's behalf, the following is required.

Using an authorized agent without power of attorney to submit a request to know, correct, or delete

  • Completed Authorized Agent Form.
  • Signed permission from the consumer authorizing the agent to submit the consumer privacy request on their behalf.
  • The consumer must verify their own identity directly with the business by submitting the following documentation:

    A copy of a social security card issued by the Social Security Administration.

    A certified or official copy of a birth certificate issued by the entity authorized to issue the birth certificate.

Using an authorized agent with power of attorney to submit a request to know, correct, or delete

If you have provided the authorized agent with power of attorney pursuant to California Probate Code sections 4000 to 4465, the following is required:

  • Completed Authorized Agent Form.
  • The valid power of attorney executed lawfully under California Probate Code sections 4000 to 4465.

 

Using an authorized agent to submit an opt-out or limit use and disclosure request

  • Completed Authorized Agent Form.
  • Written permission, signed by the consumer, authorizing the agent to submit the opt-out or limit use and disclosure request.

Please submit the required information to:

Equifax Information Services LLC
P.O. Box 740041
Atlanta, GA 30348

Right to be Free from Discrimination

Equifax is prohibited from discriminating against in any way in response to your exercise of any of these rights. This means we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  • Offer a product enhancement or financial incentive that is contingent on you sharing personal information, unless that incentive is reasonably related to the value provided to us by that collection.

 

Individual Rights Requests Metrics Reporting

The following metrics are representative of individual rights requests submitted by California consumers for the period of January 1, 2023, to December 31, 2023.* The following metrics apply to the CCPA and California Delete Act.

Request Type Total Received Total Complied With Total Denied Average Days to Complete Median Days to Complete

Right to Know/Access

243

243

0

28

2

Right to Correct

33

33

0

1

1

Right to Delete

272

272

0

1

1

Right to Opt-out

73,320

73,320

0

1

1

Right to Limit Use

2,473

2,473

0

1

1

 

* Equifax does not delete data that is exempt from the requirements of the California Consumer Privacy Act, including data subject to the Fair Credit Reporting Act, Gramm-Leach-Bliley Act, and for fraud prevention purposes.

BACK TO TOP

 

Equifax Inc. and its U.S. subsidiary Kount Inc. (together, "Equifax") comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Equifax has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF. Equifax adheres to the EU-U.S. DPF Principles for consumer data. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Personal data collected from you may be stored in the region in which you reside, and depending on the service or data use, Equifax may also store and process your data in other regions where Equifax or its affiliates, subsidiaries, or service providers operate. Equifax takes steps to process data we collect in accordance with this Privacy Statement and the requirements of applicable law. Your personal data may be shared with third parties to perform services on our behalf. In the context of an onward transfer, Equifax has responsibility for processing personal data it receives under the DPF and subsequently transfers to a third party for external processing. If we transfer personal data received under the DPF to a third party, the third party's access, use, and disclosure of personal data must also be in compliance with our DPF obligations, and we will remain liable under the DPF for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage. For information related to the types of data we collect, the purposes for collecting data, the types of third parties we may disclose your data to, and your rights, please refer to the applicable sections of this Privacy Statement. 

If you have a question or complaint related to our participation in the DPF, we encourage you to contact us through our Privacy Contact Form or write to the Chief Privacy Officer, Equifax Inc., 1550 Peachtree Street, NW, Atlanta, GA 30309. Please reference “Data Privacy Framework,” when contacting us about the DPF. For any complaints related to the DPF that Equifax cannot resolve directly, we have chosen to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, and the UK Information Commissioner’s Office for resolving disputes with UK individuals. As further explained in the DPF Principles, binding arbitration is available, under certain conditions, to address residual complaints not resolved by other means. Individuals seeking additional information can visit the DPF Annex I for more information. Equifax is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) and may be required to disclose personal data we handle under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

BACK TO TOP

Residents of Colorado, Connecticut, Florida, Montana, Oregon, Texas, Utah, and Virginia have the right to submit the following privacy rights requests to Equifax.

Know and Access
You have a right to make a verifiable request to Equifax to provide you with the information Equifax maintains about you.

Correction
You have the right to make a verifiable request to Equifax to correct inaccurate personal information, subject to certain exceptions. Equifax has chosen to delete inaccurate personal information from its systems and applications in lieu of correcting inaccurate personal information.

Deletion
You have the right to make a verifiable request to Equifax to delete the personal information it maintains about you, subject to certain exceptions*. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
* Equifax does not delete data that is subject to the Fair Credit Reporting Act, Gramm-Leach-Bliley Act, and for fraud prevention purposes.

Opt-Out
You have the right to request that Equifax no longer sell your personal information or process your personal information for targeted advertising and profiling.

To make a verifiable consumer request or opt-out request, visit myPrivacy or call our Customer Care team at 1-866-295-6801 (our regular business hours of 9 A.M. - 9 P.M. ET Monday to Friday, and 9 A.M. to 6 P.M. ET Saturday and Sunday, excluding holidays). To exercise your right to opt-out, you may click here: Your Privacy Choices or call our Customer Care team at the number listed above.

To ensure the security of personal information and prevent fraudulent requests, we may need to collect personal information and other information such as your name, address, or email, or transaction history to verify your identity.

To appeal the response to your consumer rights request, please submit an inquiry through our Privacy Contact Form or write to the Chief Privacy Officer, Equifax Inc., 1550 Peachtree Street, NW, Atlanta, GA 30309. Please reference “Appeal Consumer Rights Request,” when exercising your right to appeal.

BACK TO TOP

We may change this online privacy statement in the future. If we make changes to this privacy statement we will post the revised privacy statement and its effective date on this website.

BACK TO TOP

If you have questions or comments about this privacy statement, please submit an inquiry through our Privacy Contact Form or write to the Chief Privacy Officer, Equifax Inc., 1550 Peachtree Street, NW, Atlanta, GA 30309.  Please reference "Equifax Privacy Statement," when contacting us about this privacy statement.

BACK TO TOP