EQUIFAX WORKFORCE SOLUTIONS PRIVACY NOTICE
Date last updated: September 2021

OVERVIEW

This Equifax Workforce Solutions Privacy Notice (“EWS Notice”) describes how and why Equifax Limited (“Equifax”, “we”, “our” and “us”) use your personal data when we administer our Workforce Solutions database and any services which are reliant on the Workforce Solutions database (collectively the “EWS Services”).

You should read this EWS Notice to understand what we are doing with your personal data, the basis on which we undertake such use, who we share your data with and your rights in relation to your personal data.

“Personal data” is any information that relates to an identifiable natural person. Your name, address, contact details and financial data are all examples. The term “process” means any activity relating to personal data, including (for example) its collection, storage, transfer or other use.

Equifax is a so-called “Controller” of your personal data. This means that we make decisions about how and why we process your personal data and because of this, we are responsible for making sure that it is used in accordance with data protection laws.

EQUIFAX’S OTHER PRIVACY POLICIES

This EWS Notice only concerns the use of your personal data in relation to the EWS Services provided by Equifax.

Equifax will likely also process personal data about you as part of Equifax’s core credit referencing activities.

How and why Equifax processes your personal data for its core credit referencing activities is explained in both the ‘Credit Reference Agency Information Notice’ (CRAIN) and the ‘Equifax Information Notice’ (EIN), copies of which can be found here:

CRAIN - www.equifax.co.uk/crain

EIN - www.equifax.co.uk/ein

These will apply in conjunction with this EWS Notice so please ensure that you review each document, as applicable.

How Equifax processes your personal data when you access www.equifax.co.uk is explained in the ‘Privacy & Cookies Policy’ which can be found at:

https://www.equifax.co.uk/About-us/Privacy_policy.html

CONTENT OF THIS EWS NOTICE:

1. How can you contact us?
2. What types of personal data do we process and where do we get it?
3. What do we do with your personal data and why?
4. Who do we share your personal data with and why?
5. Where in the world is your personal data processed?
6. How do we communicate with you?
7. How do we safeguard your personal data?
8. How long do we keep your personal data?
9. What are your rights in relation to your personal data?
10. Changes to this EWS Notice

1. HOW CAN YOU CONTACT US?

We can be contacted by any of the following methods:

Post: Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS.

Web Address: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html

Secure email via: www.equifax.co.uk/ask

Additionally, Equifax Ltd has a dedicated Data Protection Officer who can be contacted as follows:

Post: Equifax Ltd, Data Protection Officer, PO Box 10036, Leicester, LE3 4FS.

Email: UKDPO@equifax.com

2. WHAT TYPES OF PERSONAL DATA DO WE PROCESS AND WHERE DO WE GET IT?

In order to provide the EWS Services, we will collect and/or receive the following types of information:

| Category | Type of personal data | Where collected from |
| --- | --- | --- |
| Identifying Information | Full Name; Postal address; Date of Birth; Declared income and expenditure; National Insurance Number | Your employer |
| Employment Information | Employer name; Work location; Job title; Employment status (e.g. active) and type (e.g. full time or part time); Employment start and end dates; Salary, tax and benefits | Your employer |
| Analysed Information | Identifying Information and Employment Information analysed to verify your identity, income, affordability and/or otherwise assess your financial standing | Generated by Equifax |
| Contact Information | Your Identifying Information (excluding date of birth and income and expenditure) | Your employer |
| Credit Reference Information | Information in relation to your financial status, may be processed by Equifax to provide its core credit reference services, as explained in the “CRAIN” at www.equifax.co.uk/crain and the “Equifax Information Notice” at www.equifax.co.uk/ein | Information already held by Equifax and provided to Equifax by lenders or obtained from publicly available sources |

3. WHAT DO WE DO WITH YOUR PERSONAL DATA AND WHY?

Equifax collects your personal data in order to provide services back to an employer (‘Employer Services’) and to provide further services to third party clients (‘Client Services’).

Employer Services

Equifax will be engaged by employers to provide employee management services. Practically this means that Equifax may use your:

identity and financial details to support employment and income verification;

identity and financial details to support your application for an employee benefit scheme;

employment service details to produce letters of employment and income;

financial details to assist with employment tax forms; and

identity, employment and financial details to support an employer’s human resources, payroll and finance functions.

Client Services

Equifax will be engaged by third party businesses to support their identity, income and employment verification requirements. Practically this means Equifax may use your:

identity and financial details to support credit lenders in conducting their due diligence on your identity and affordability, both at the point of your application for credit and during the lifecycle of the credit product;

identity and financial details to assist companies with their regulatory compliance and to prevent fraud and/or money laundering;

employment and financial details to help companies conduct pre-employment screening checks;

identity and financial details to support landlord and tenant screening processes; and

identity, employment and financial details to assist public authorities when processing and administering benefits.

Under what lawful basis do we process your personal data?

We are required by law to always have a ‘lawful basis’ (meaning a reason or justification) for processing your personal data. There are a number of lawful bases set out in data protection law, but we consider the following to be most relevant to our processing of your personal data:

The processing is necessary to comply with a legal obligation (“Legal Obligation”);

The processing is necessary for the purposes of legitimate interests pursued by us or a third party, and these are not overridden by your interests or fundamental rights (“Legitimate Interest”).

The table below sets out the purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.

| Purposes of processing | Legal Obligation | Legitimate Interest |
| --- | --- | --- |
| Disclosing your Identifying Information, Employment Information and Analysed Information to an Approved Recipient | | It is in the legitimate interest of Approved Recipients to receive your data in order to assess their ability to provide products/services to you |
| Analysing your Employment Information to generate Analysed Information and form a picture of your financial standing, including to: help verify income and outgoings; help assess affordability; help assess creditworthiness; help verify income and outgoings; help prevent and detect fraud, money laundering and other criminal activity; enable monitoring of your financial circumstances; and assist in the provision of debt management services, including to help reclaim debt owed by you, to be shared with an Approved Recipient. | | It is in the legitimate interest of Approved Recipients to receive a breakdown / assessment of your Employment Information in order to assess creditworthiness and affordability, to help determine whether they can provide products/services to you. It is also in our legitimate interest to provide these services to Approved Recipients. |
| Combining Analysed Information with the Credit Reference Information Equifax holds about you, to provide a more complete picture of your financial standing, and making this ‘picture’ available to you or an Approved Recipient. We may also combine and anonymise your Analysed Information and the Credit Reference Information we hold about you to create an anonymised aggregated dataset that can be used for research and statistical purposes. Please see the “CRAIN” at www.equifax.co.uk/crain and the “Equifax Information Notice” at www.equifax.co.uk/ein for more information about how Credit Reference Information is collated and processed. | | It is in the legitimate interest of Approved Recipients to receive an assessment of your financial standing (supported by your Analysed Information) in order to assess creditworthiness and affordability, to help determine whether they can provide products/services to you. It is also in our legitimate interest to aggregate and anonymise the data we hold about you to create an anonymised dataset to be used for research purposes and better improve our products and services. These data sets will be anonymous and will not identify you as an individual. |
| Use of your information to detect and report suspected incidents of fraud, or for general crime prevention | | It is in our legitimate interest to prevent crime and instances of fraud. |
| Using your Contact Information to respond to your enquiries and/or complaints | | It is in our mutual interest to respond |
| Using any relevant personal data to establish and enforce our legal rights or to comply with a court order, law enforcement requirement (or other legally mandated request) or legal obligation | | |
| Using any relevant personal data in relation to managing the proposed or actual sale, restructuring or merging of any or all part(s) of our business | | We have legitimate interest in being able to sell or restructure our business and maintain continuity for us or a buyer |


We may also use your personal data to conduct research and analysis, including to produce anonymous statistical reports. Where appropriate, we will convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable (thereby creating anonymised data). Anonymised data is not personal data and can be used, for example, to help us understand and improve the analytics we undertake of individual transaction data. We may also share anonymised data or the research we produce from our analysis of anonymised data, with third parties.

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?

We may share your information with the following entities:

Affiliates and Third Parties: companies that control, are controlled by, or under common control with Equifax, as well as selected third parties with whom Equifax works.

These recipients within and outside our group may be processing your personal data on our behalf as a Service Provider (see below) or they may be processing it for their own purposes as a controller in their own right.

We have summarised below the categories of recipients with whom we are likely to share your personal data:

a) Service Providers: We may share your personal data with entities that provide services to us, such as vendors and suppliers that provide technology, services, and/or content for the operation and maintenance of the EWS Services we provide. Access to your personal data by these service providers is limited to the information reasonably necessary for the Service Provider to perform its limited function. We take steps to help ensure that Service Providers keep your personal data confidential and comply with our privacy and security requirements.

b) Disclosure for Legal Reasons or as necessary to protect Equifax: We may release personal data to other parties: (1) to comply with valid legal requirements such as laws, regulations, search warrants or court orders; (2) in special cases, such as a physical threat to you or others, a threat to public security, or a threat to Equifax’s systems or networks; or (3) cases in which Equifax believes it is reasonably necessary to investigate or prevent suspected or actual harm, abuse, fraud, or illegal conduct.

d) Changes in Equifax’s corporate structure: If all or any part of Equifax is sold, merged or otherwise transferred to another entity (including a transfer of assets), your personal data may be transferred as part of that transaction.

Employers and Clients (collectively referred to as ‘Approved Recipients’): We are required to disclose your data to those businesses that you are employed by so the employers may receive the Employer Services. Furthermore, it is necessary for Equifax to disclose your personal data to third party clients to enable them to provide products and services to you. Such clients may operate in the following industries:

(i) credit providers (e.g. banks and building societies), (ii) finance scheme providers (e.g. car and retail loan and/or hire purchase providers), (iii) public sector departments (e.g. HMRC and benefit providers), (iv) landlords and (v) businesses undertaking pre-employment screening.

5. WHERE IN THE WORLD IS YOUR PERSONAL DATA PROCESSED?

Equifax is based in the UK and the personal data held by Equifax is stored in the UK on encrypted servers at a secure physical location, whether these be our own servers or those of cloud service providers that we use.

Equifax is also part of the Equifax global group of companies, with operations and service providers elsewhere inside and outside the UK (such as cloud hosted disaster recovery sites based in the EEA). Your personal data may be accessed by or transferred to such group companies or third parties in other jurisdictions.

Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your personal data as is provided to it under UK laws. Nevertheless, internal policies and controls are in place seeking to ensure that personal data is kept secure as well as to minimise the risk of any personal data being lost, misused, disclosed or accidentally destroyed.

6. HOW DO WE COMMUNICATE WITH YOU?

We will use your personal data in order to communicate relevant information in relation to our EWS services and to respond to any queries or complaints you may have.

We do not use your personal data processed in our EWS Services for any direct marketing purposes.

7. HOW DO WE SAFEGUARD YOUR PERSONAL INFORMATION?

We are committed to protecting the security of your personal data and implement appropriate technical and organisational measures taking into account the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of you, as an individual.

8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will only retain your personal data for a limited period of time and for no longer than is necessary for the purposes for which we are processing it.

For example, we will typically retain personal data in relation to our EWS Services for 7 years to support income and employment verifiers who may need such a level of historic data to support their verifications.

In some cases, it may be necessary for us to retain your personal data for different periods. The factors that direct how long we will retain personal data include the following:

a) any laws or regulations that we are required to follow;

b) whether we are in a legal or other type of dispute with each other or any third party;

c) the type of information held about you; and

d) whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

For more information regarding our retention periods, please contact us.

9. WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?

Data protection law provides you with a number of rights in relation to your personal data (which are summarised below). You can exercise these rights by contacting us – please see the section ‘HOW CAN YOU CONTACT US’ above.

Subject to the requirements of applicable laws and certain limitations or exemptions, you have the right to:

a) access your personal data and be provided with certain information in relation to it, such as the purpose for which it is processed;

b) require us to correct any inaccuracies in your personal data without undue delay;

c) require us to erase your personal data (please be aware that the right of erasure under data protection law is not an absolute right as it only applies in relation to one or more specific circumstances);

d) require us to restrict the processing of your personal data;

e) receive the personal data which you have provided to us in a machine readable format, where we are processing it on the basis of consent or to comply with a contract with you (please see the above tables) and such processing is automated; and

f) object to a decision that we make which is based solely on automated processing of your personal data.

Access to your credit report and corrections

In addition to the rights listed above, you also have the right to obtain your statutory credit report free of charge from Equifax. This report contains all the personal data Equifax holds about you that is relevant to your financial standing. Click here if you wish to find out how to exercise this right:

https://www.equifax.co.uk/Products/credit/statutory-report.html

Should you wish to request access to all of the personal data Equifax holds about you (not just your credit report) you have the right to do so (as noted above). Click here if you wish to find out how to exercise this right:

Equifax wants to make sure that your personal information is accurate and up to date. However, please be aware that as a credit reference agency, much of the information Equifax holds about you is received from lenders and banks. Equifax is not able to automatically amend this information upon request. Equifax must instead follow a set process of informing the relevant lender and seeking their clarity as to the validity of the data. While this process is undertaken, Equifax will make a note on your file that a rectification request has been made. For more details on your rights please review the Equifax Information Notice at www.equifax.co.uk/ein

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the UK data protection regulator. More information can be found on the ICO website at https://ico.org.uk/

10. CHANGES TO THIS EWS NOTICE

We may change this online EWS Notice from time to time.