Credit Reporting Policy (Australia)

Equifax Australia Information Services & Solutions Pty Limited (EAISS, us, we, our), as one of its many data businesses, operates a credit reporting business and is a credit reporting body (CRB) in relation to consumer credit under Part IIIA of the Privacy Act 1988 (the Act or Privacy Act).  EAISS forms part of the Equifax global group of companies offering information solutions whose parent, Equifax Inc., is listed on the New York Stock Exchange.

As a CRB, EAISS manages the Personal Information including Credit Information it handles in an open and transparent way as required under Part IIIA of the Act, the Privacy (Credit Reporting) Code 2014 (the CR Code) and the Notifiable Data Breach Scheme under Part IIIC of the Act (in the event of an eligible data breach).

This policy is designed to explain how we collect, hold, use or disclose your credit reporting information.  For further information on how EAISS and other entities in the Equifax group handles Personal Information to which the Australian Privacy Principles (APPs) apply, please refer to our Privacy Policy (Australia) which may be found here.

What Credit Information do we collect and how is it collected?

We collect the following Credit Information:

  • identification information such as name, address (current and two previous addresses), date of birth, drivers licence number and current employer;
  • consumer credit liability information including details of an individual's credit provider and the terms of your consumer credit;
  • repayment history information which shows if an account has been paid on time;
  • financial hardship information which shows if a financial hardship arrangement was entered into;
  • an information request (Credit Enquiry) has been made by a credit provider, mortgage insurer or trade insurer which includes the type of credit and the amount of credit sought (if available);
  • default information on accounts which have been overdue for 60 days or more and greater than $150;
  • payment information with respect to previously reported defaults;
  • new arrangement information with respect to previously reported defaults;
  • court proceedings information such as judgements which relate to credit;
  • personal insolvency information such as information relating to bankruptcy, part IX and part X agreements;
  • publicly available information about you; or
  • serious credit infringements.

We also collect the following publicly available Credit Information:

  • court proceedings information such as court judgments relating to credit information;
  • personal insolvency information including bankruptcies, Part IX and Part X agreements;
  • current, previous and disqualified directorships; and/or
  • proprietor information.

We also collect Personal Information on or about you:

  • from you or your authorised access seeker for the purposes of servicing a request;
  • from credit providers (including banks, building societies, utility companies and telecommunications carriers), mortgage and trade insurers, courts, and private entities or public agencies that are permitted to provide us with the information;
  • in the course of carrying on a credit reporting business; or
  • authorised by an Australian law or court.

How do we hold credit reporting information?

We hold all Credit Reporting Information in accordance with Part IIIA of the Act. To protect that information from misuse, interference and loss, and from unauthorised access, modification or disclosure we use a variety of administrative, physical and technical controls which are monitored and audited. Our environment is protected using a layered security approach including endpoint security and network controls. Only authorised trained employees are granted access to your Credit Reporting Information. Our procedures ensure that your Credit Reporting Information is only made available to employees where necessary. We audit and monitor our employees’ access to, and handling of Personal Information.

As far as possible, EAISS takes reasonable steps to ensure that the quality of the Credit Information it holds is accurate, up-to-date, relevant and complete.

Where permitted by law, Credit Reporting Information that is held by the CRB is destroyed or de-identified after its legal retention period ends. We may de-identify Credit Reporting Information and use or disclose it for the purposes of conducting research in relation to credit, according to the Privacy (Credit Related Research) Rule 2014 (the Research Rule).

We may derive a credit rating, credit score and/or summary data from your Credit Information. However, these are generated dynamically at the time they are requested.

Our use and disclosure of your Personal Information

We hold, use and disclose your Credit Reporting Information in accordance with the Act, and to enable us to:

  • carry on a credit reporting business, which may include providing information to you, an authorised access seeker, or a credit provider, mortgage insurer or trade insurer about your credit worthiness:
  • manage the information we hold, conducting investigations arising from complaints or requests for correction of your Credit Information, pre-screening or conducting research into the use of bureau products and services;
  • disclose Credit Reporting Information in the form of credit ratings, credit scores or summary data, as permitted CRB disclosures to credit providers, mortgage insurers, and trade insurers, or to you as required by law including if you are a member of various Equifax personal credit and identity monitoring plans. (For further information on Equifax’s personal credit and identity products, click here). Note: that financial hardship information is not included in the calculation of credit ratings or credit scores;
  • use or disclose de-identified Credit Reporting Information for the purposes of conducting research in relation to credit where a permitted purpose exists under the Research Rule;
  • disclose, as required, Credit Reporting Information to an external dispute resolution scheme of which EAISS is a member or to the Office of the Australian Information Commission (OAIC);
  • disclose Credit Reporting Information to an enforcement body in circumstances where reasonable grounds suggest that a serious credit infringement has been committed, and
  • comply with a law or court order

Permitted CRB disclosures of repayment history information and financial hardship information are only made to licensed credit providers and to mortgage insurers. Financial hardship information is not disclosed to credit providers for the purposes of collecting overdue payments, or to assist them to assess whether to accept an individual as a guarantor. Financial hardship information is not disclosed to mortgage insurers for the purpose of assisting them to assess the risk of an individual defaulting on mortgage credit for which the insurer has provided insurance to a credit provider.

Credit Information and direct marketing (pre-screening)

We do not use your Credit Reporting Information for direct marketing purposes except in the limited circumstances permitted by the Act, namely pre-screening. We may use your Credit Information (excluding your consumer credit liability information and repayment history information) to assess whether you are ineligible to receive direct marketing communications about consumer credit products from certain licensed credit providers with an Australian link.

Credit information is not disclosed to a credit provider during the pre-screening process.

This means that you may receive marketing material from a bank or other licensed credit provider offering you a credit card or other financial service as a result of that credit provider using our pre-screening service.

If you do not wish to receive this type of marketing material, you may opt-out of this by completing the online form available here. Alternatively, you may contact us using our contact details:

Online: https://www.equifax.com.au/contact
Phone: 13 8332
Mail: Equifax
PO Box 964
NORTH SYDNEY NSW 2059

Note: Not all marketing material you receive from licensed credit providers have used our pre-screening service. Where our pre-screening service has been used, our contact details will be included in the marketing material.

Access to credit reporting information

Under the Privacy Act you – personally or via an authorised access seeker – have a right to a free copy of your Credit Reporting Information which we hold on you, and your credit rating:

  • once every 3 months; or
  • when you have been declined credit by a credit provider wholly or partly because of credit reporting information held by EAISS and you make your request for free access within 90 days of being declined credit; or
  • when we make a change to your Credit Reporting Information as a result of a correction request made by you

To obtain a free copy of the Credit Reporting Information we hold on you, and your credit rating, please click here and select Get Now button under the column headed EQUIFAX FREE CREDIT REPORT.  If you are unable to access the link provided above contact us using our contact details:

Online: https://www.equifax.com.au/contact
Phone: 13 8332
Mail: Equifax
PO Box 964
NORTH SYDNEY NSW 2059

When you make a request for access to your Credit Reporting Information, we are legally obliged to first collect sufficient Personal Information along with approriate identification information as evidence to satisfy ourselves that we are disclosing the information to the right individual (you or your access seeker). Therefore, you or your access seeker will need to provide us with sufficient identity information to obtain information you request.

In some cases, we may request further documentation to verify your identity. This documentation may include, but is not limited to, a copy of your driver’s licence, passport or birth certificate.

We will respond by email, post or make your credit report available online via our portal within a reasonable period, not longer than 10 days of receipt of your request, unless we specify otherwise.

What information we provide

When we provide you with a copy of all Credit Information we hold on you, we will also provide you with the following information (if any) held by EAISS and governed by the APPs:

EAISS commercial bureau
  • any commercial Credit Information EAISS holds on you
  • in addition to the identification information that forms part of Credit Information, other commercial information we may have including:
    • occupation
    • previous occupation
    • up to 3 public record addresses
EAISS public record information
  • any public record information EAISS holds on you
  • in addition to the identification information that forms part of Credit Information, other public record information we may have including:
    • occupation
    • previous occupation
    • up to 3 public record addresses

Your right to request a correction or make a complaint

If you believe that Credit Information or other Personal Information on your Equifax credit report is incorrect, you may request a correction in any of the following ways:

  1. By contacting the credit provider directly who will advise us of any required correction;
  2. Online via the Equifax Correction Portal or
  3. By sending your request by mail to:
    Equifax – Public Access
    Equifax Australia Information Services and Solutions Pty Limited
    GPO Box 964
    NORTH SYDNEY NSW 2059

In order for Equfaix to address your request you will need to provide the following information:

  • name;
  • date of birth;
  • current address;
  • previous address;
  • driver licence details;
  • current Employment; and
  • you will also need to provide details of the correction required.

Once we receive the request we will investigate the matter and liaise with any relevant third party in order to resolve it, we will write to you setting out the outcome of our investigation.

For more information on our corrections processes and frequently asked questions refer here.

If you are not satisfied with the outcome of Equifax’s investigation or would like to make a complaint, please contact our Customer Resolutions Team (CRT):

  • Online by completing the online form
  • Mail: Customer Resolutions Team PO Box 13294 Brisbane QLD 4001

In order for Equfaix to address your request you will need to provide the following information:

  • name;
  • date of birth;
  • current address;
  • previous address;
  • driver licence details; and
  • sufficiently detail your matter including any reference numbers and relevant supporting documentation

Our CRT team will investigate your matter and contact you to attempt to resolve the matter directly.

We want to do everything we can to resolve your matter, so it's important that you first raise it with our CRT team. Raising your matter with us directly will often result in a quicker resolution. Once we have investigated your complaint, we will write to you setting out the outcome of that investigation.

If you are still not satisfied with our response, you may contact the external dispute resolution scheme of which we are a member, the Australian Financial Complaints Authority (AFCA). AFCA recommends that you raise your concerns with us before you do so with them.

How to contact the AFCA: 

Online: www.afca.org.au
Email: [email protected]
Phone: 1800 931 678
Interpreter Service: 131 450
Mail: Australian Financial Complaints Authority
GPO Box 3 
Melbourne VIC 3001 

When contacting AFCA, we suggest you include the following:

  • an overview of your concerns;
  • a detailed timeline/chronology of events: and
  • copies of any correspondence with our Customer Resolutions Team and, if applicable, the credit provider.

You may also make a complaint to the Office of the Australian Information Commissioner (OAIC).

How to contact the OAIC:

Online: www.oaic.gov.au
Email: [email protected]
Fax: 1300 363 992
Mail: Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001

When contacting the OAIC, we suggest you include the following:

  • an overview of your concerns;
  • a detailed timeline/chronology of events: and
  • copies of any correspondence with our Customer Resolutions Team and, if applicable, the credit provider.

For more information on our complaints processes and frequently asked questions refer here.

Victim of fraud?

If you believe, on reasonable grounds, that you have been or are likely to be, the victim of fraud (including identity fraud), then you may request that we refrain from using or disclosing the Credit Reporting Information we hold on you for a 21 day ban period (unless extended). We do not charge you for requesting a ban.

If we receive a request regarding your Credit Information from a credit provider during the ban period, we will notify them that your Credit Reporting Information is subject to a ban as requested by you and the date on which the ban period ends. Equifax will not provide Credit Reporting Information to the credit provider until the ban is removed a the end of the ban period or earlier at your request.

If you would like to make a ban request, please click here and provide the following information:

  • full name;
  • date of birth;
  • current and previous address;
  • driver’s licence details; and
  • your reasons for requesting a ban.

To ensure your Personal Information is not compromised during the ban period, your information cannot be used or disclosed which may make it more difficult for you to apply for, or access, credit. Please notify any relevant parties if you intend to apply for credit during the ban period.

If we are satisfied that you have been a victim of fraud and we hold information that relates to consumer credit provided as a result of that fraud, then provided we are lawfully permitted to, we will destroy that information and notify you and any relevant credit providers (or third parties) of the destruction.

Further information about your Privacy rights

For further information about credit reporting, please visit the website of the OAIC.

This policy documents how we manage Personal Information and reflects our obligations under Part IIIA of the Privacy Act and the CR Code. This policy is not legal advice and is not intended to replace the rights, duties and obligations a party has under the Privacy Act. Nothing in this policy is intended to create or impose rights, remedies, or obligations additional to those set out in the Privacy Act.

Our contact details

If you need to contact us, please use the details below:

Online: https://www.equifax.com.au/contact
Phone: 13 8332
Mail: Equifax
PO Box 964
NORTH SYDNEY NSW 2059

Key Definitions

The Act contains a variety of detailed definitions describing the types of information to which it applies. To make it easier for you to read this policy we have only included some general explanations of the key definitions used in this Policy.

For more information about Credit Reporting refer to the Credit Smart website. CreditSmart is designed to assist individuals with understanding the Credit Reporting system and is created by the Australian Credit Retail Association (ARCA) who also drafted the CR Code.

Personal Information is information or an opinion about an identified individual, or an individual who can reasonably be identified. The type of Personal Information we collect may include name, address, date of birth, email address, telephone number, and identification information. Some elements of Personal Information are also referred to as Sensitive Information, Credit Information or Credit Reporting Information.

Sensitive Information includes but are not limited to:

  • racial or ethnic origin;
  • membership of a professional association or union membership; and
  • criminal history or health information (including biometric information).

Credit Information forms part of an individual's personal information which forms part of their Credit Report and usually consists of:

  • identification information such as name, address (current and two previous addresses), date of birth, drivers licence number and current employer;
  • consumer credit liability information including details of an individual's credit provider and the terms of your consumer credit;
  • repayment history information which shows if an account has been paid on time;
  • financial hardship information which shows if a financial hardship arrangement was entered into;
  • an information request (Credit Enquiry) has been made by a credit provider, mortgage insurer or trade insurer which includes the type of credit and the amount of credit sought (if available);
  • default information on accounts which have been overdue for 60 days or more and greater than $150;
  • payment information with respect to previously reported defaults;
  • new arrangement information with respect to previously reported defaults;
  • court proceedings information such as judgements which relate to credit;
  • personal insolvency information such as information relating to bankruptcy, part IX and part X agreements;
  • publicly available information about you such as current, previous and disqualified directorships proprietor information; or
  • serious credit infringements.

Credit Reporting Information is credit information or CRB derived information about an individual.

CRB Derived Information, such as a credit rating or credit score, means personal information (other than sensitive information) that is:

  • derived by a CRB from credit information; and
  • has any bearing on an individual's credit worthiness; and
  • is used, or could be used in establishing an indivudals’ eligibility for consumer credit.

Last Update

This policy was last updated 15 February 2024.