Credit Reporting Policy (Australia)

Equifax Australia Information Services & Solutions Pty Limited (EAISS, us, we), as one of its many data businesses, operates a credit reporting business and is a credit reporting body (CRB) in relation to consumer credit (only) under Part IIIA of the Privacy Act 1988 (the Act).  EAISS forms part of the Equifax global group of companies offering information solutions whose parent, Equifax Inc., is listed on the New York Stock Exchange.       

As a CRB, EAISS strives to manage the credit reporting information it handles in an open and transparent way, and in keeping with Part IIIA of the Act and the Privacy (Credit Reporting) Code 2014 (the CR Code). 

This policy is designed to explain how we collect, hold, use or disclose your credit reporting information.  For further information on how the Equifax group handles personal information to which the Australian Privacy Principles (APPs) apply, please refer to our Privacy Policy (Australia) which may be found at http://www.equifax.com.au/privacy.

What credit information do we collect and how is it collected?

We collect the following credit information:

  • identification information, including: full name, alias or previous name, date of birth, gender, current or last known address and 2 previous addresses, current or last known employer, driver’s licence number
  • repayment history information
  • credit enquiries by credit providers, mortgage insurers or trade insurers
  • the type of consumer credit applied and the amount applied for
  • default information
  • payment information with respect to previously reported defaults
  • new arrangement information 
  • serious credit infringements
  • consumer credit liability information, including details of your credit provider and the terms of your consumer credit

We also collect the following publicly available credit information:

  • court proceedings information including court judgments and writs
  • personal insolvency information including bankruptcies, Part IX and Part X agreements
  • current, previous and disqualified directorships
  • proprietor information

EAISS collects the above information lawfully and fairly:

  1. from you for the purposes of servicing a request
  2. from credit providers (including banks, building societies, utility companies and telecommunications carriers), and private entities or public agencies that are permitted to provide us with the information
  3. in the course of carrying on a credit reporting business, or
  4. if required by an Australian law or court 

How do we hold credit reporting information?

Once collected, EAISS holds credit reporting information in accordance with Part IIIA of the Act.  To protect that information from misuse, interference and loss, and from unauthorised access, modification or disclosure we use a variety of administrative, physical and technical controls which are monitored and audited.  The Equifax environment is protected using a layered security approach including endpoint security and network controls.  Only authorised employees are granted access to your credit reporting information. We train the employees who handle your credit reporting information to ensure that your credit reporting information is handled appropriately. Our procedures ensure that your credit reporting information is only made available to employees where necessary.  We audit and monitor our employees’ access to, and handling of, personal information.

As far as possible, EAISS takes reasonable steps to ensure that the quality of the credit information it holds is accurate, up-to-date, complete and relevant for its planned purpose.

Where permitted by law, credit reporting information that is held by EAISS is de-identified after its legal retention period ends.  The de-identified information may be used or disclosed for the purposes of conducting research in relation to credit and according to the Privacy (Credit Related Research) Rule 2014 (the Research Rule).  During this research, Equifax will not re-identify or attempt to re-identify the de-identified information. Equifax will destroy the information if it is re-identified unintentionally.

EAISS may derive a score and/or summary data from your credit information. However, these are generated dynamically at the time of a request and not held by the CRB.  

Our use and disclosure of your personal information

We use and disclose your credit reporting information in accordance with the Act, and to enable us to:

  • carry on a credit reporting business, which may include providing information to you, an authorised access seeker or a credit provider about your credit worthiness, managing the information we hold, conducting investigations arising from complaints or requests for correction of your credit information, or conducting research into use of bureau products and services
  • disclose credit reporting information in the form of scores and summary data to credit providers, mortgage insurers, and trade insurers or to you when you are a member of various Equifax personal credit and identity monitoring plans. (For further information, see www.equifax.com.au/personal/products/credit-reports-scores-alerts/plan_pricing#content)
  • use or disclose de-identified credit reporting information for the purposes of conducting research in relation to credit where a permitted purpose exists under the Research Rule
  • disclose, as required, credit reporting information to an external dispute resolution scheme of which EAISS is a member or to the Office of the Australian Information Commission (OAIC)
  • disclose credit reporting information to an enforcement body in circumstances where reasonable grounds suggest that a serious credit infringement has been committed
  • comply with a law or court order

Credit information and direct marketing (pre-screening)

EAISS does not use or disclose your credit reporting information for direct marketing purposes except in the limited circumstances permitted by the Act, namely pre-screening.  EAISS may use your credit information (but not your consumer credit liability information and repayment history information) to assess whether you are ineligible to receive direct marketing communications about consumer credit products from certain licensed credit providers with an Australian link.

This means that you may receive marketing material from a bank or other licensed credit provider offering you a credit card or other financial service as a result of that credit provider using EAISS’ pre-screening service.  

If you do not wish to receive this type of marketing material you may opt-out by going to www.donotcontact.com.au and filling out the online form.  Alternatively, you may contact EAISS using our contact details below.

Note that not all marketing material you receive from licensed credit providers has used EAISS’ pre-screening service.  Where EAISS’ pre-screening service has been used, our contact details will be included in the marketing material.

Access to credit reporting information

Under the Act you – personally or via an authorised access seeker – have a right to a free copy of your credit reporting information which EAISS holds on you:

  1. once every 12 months; or
  2. when you have been declined credit by a credit provider wholly or partly because of credit reporting information held by EAISS and you make your request for free access within 90 days of being declined credit and provide EAISS with evidence of the same; or
  3. when EAISS makes a change to your credit reporting information as a result of a correction request made by you

To obtain a free copy of the credit reporting information EAISS holds on you please go to http://www.equifax.com.au/personal/products/credit-reports-scores-alerts/plan_pricing and click on the Get Started button under the column headed FREE.  If you do not have access to the internet you may write to us at:

Equifax Public Access
PO Box 964
NORTH SYDNEY NSW 2059

Where you make a request for access to your credit reporting information, we are legally obliged to first obtain sufficient information to allow us to protect the security of the information, and to verify your identity and entitlement to such information.  You will therefore need to provide sufficient identifying information to obtain access.

We will also require a copy of your driver’s licence, passport or birth certificate together with a local council rates notice, utility bill or bank statement.

We will respond by post or email within 10 days of receipt of your request, unless we specify otherwise.

EAISS’ CRB does not hold personal information derived from credit information (such as bureau scores) as this information is dynamically generated at the time it receives a request for this information.  If you wish to obtain a bureau score, or a copy of your credit information more frequently than once a year, you may if you wish pay an annual fee and sign up to an Equifax personal credit and identity monitoring plan. Further details available at: https://www.equifax.com.au/personal/products/credit-reports-scores-alerts/plan_pricing#content.

What information we provide

When we provide you with a copy of all credit information EAISS holds on you, we will also provide you with the following information held by EAISS (if any) and governed by the APPs:

  • any commercial credit information EAISS holds on you
  • any public record information EAISS holds on you
  • in addition to the identification information that forms part of credit information, other identification information EAISS may have from commercial credit or public sources including:
    • occupation
    • previous occupation
    • up to 3 commercial addresses
    • up to 3 public record addresses

Your right to request a correction or make a complaint

If you believe that the credit reporting information EAISS holds on you is incorrect, you may request a correction to that information.

We recommend that you contact the credit provider, mortgage insurer or trade insurer who provided the information to EAISS to seek a resolution.  If a correction is needed, they will notify us of any required correction.  However, if you contact us, we will investigate your dispute and liaise with the relevant third party in order to resolve the matter.  Once we have investigated, we will write to you setting out the outcome of that investigation.

You may wish to complain about an act or practice of the CRB if you believe it to be a breach of Part IIIA of the Act or the CR Code.

We will investigate and deal with your correction request or complaint in a fair, efficient and timely manner.  If, however, you are unhappy with the outcome of our investigation, you have a right to complain to the external dispute resolution scheme of which EAISS is a member or the OAIC, the contact details for each are set out below:

Credit and Investments Ombudsman
Reply Paid 252
South Sydney NSW 1234
Website:  www.cio.org.au

Office of the Australian Information Commissioner
GPO Box 5218
SYDNEY NSW 2001
Website:  www.oaic.gov.au

Victim of fraud?

If you believe, on reasonable grounds, that you have been or are likely to be, the victim of fraud (including identity fraud), then you may request that EAISS refrain from using or disclosing the credit reporting information it holds on you for a 21 day ban period (unless extended).  We do not charge you for making such a request or for giving effect to it.

If you would like to make a ban request, then email us at [email protected] and provide the following information: full name, date of birth, current and previous address, driver’s licence number and reasons for requesting a ban.

Note that it may be more difficult for you to apply for, or access, credit during the ban period.

If we are satisfied that you have been a victim of fraud and we hold information that relates to consumer credit provided as a result of that fraud, then provided we are lawfully permitted to, we will destroy that information and notify you and any relevant credit providers (or third parties) of the destruction.

Further information about your Privacy rights

For further information about credit reporting, please visit the website of the OAIC: www.oaic.gov.au.

This policy documents how we manage personal information and reflects our obligations under Part IIIA of the Act and the CR Code.  All reasonable care is taken to ensure the currency and accuracy of this policy.   However, it does not constitute legal advice, any warranties or representations and is not intended to replace or create any additional rights under contract, statute or equity law.  

Our contact details

If you need to contact us, please use the details below:

Equifax
PO Box 964
NORTH SYDNEY NSW 2059