Credit Reporting Policy (Australia)

Equifax Australia Information Services & Solutions Pty Limited (EAISS, us, we), as one of its many data businesses, operates a credit reporting business and is a credit reporting body (CRB) in relation to consumer credit (only) under Part IIIA of the Privacy Act 1988 (the Act).  EAISS forms part of the Equifax global group of companies offering information solutions whose parent, Equifax Inc., is listed on the New York Stock Exchange.

As a CRB, EAISS strives to manage the credit reporting information it handles in an open and transparent way, and in keeping with Part IIIA of the Act and the Privacy (Credit Reporting) Code 2014 (the CR Code). 

This policy is designed to explain how we collect, hold, use or disclose your credit reporting information.  For further information on how the Equifax group handles personal information to which the Australian Privacy Principles (APPs) apply, please refer to our Privacy Policy (Australia) which may be found at http://www.equifax.com.au/privacy.

What credit information do we collect and how is it collected?

We collect the following credit information:

  • identification information, including: full name, alias or previous name, date of birth, gender, current or last known address and 2 previous addresses, current or last known employer, driver's licence number
  • credit enquiries by credit providers, mortgage insurers or trade insurers
  • the type of consumer credit applied for and the amount applied for
  • consumer credit liability information, including details of your credit provider and the terms of your consumer credit
  • repayment history information
  • financial hardship information
  • default information
  • payment information with respect to previously reported defaults
  • new arrangement information
  • serious credit infringements

We also collect the following publicly available credit information:

  • court proceedings information including court judgments and writs
  • personal insolvency information including bankruptcies, Part IX and Part X agreements
  • current, previous and disqualified directorships
  • proprietor information

EAISS collects the above information lawfully and fairly:

  1. from you for the purposes of servicing a request
  2. from credit providers (including banks, building societies, utility companies and telecommunications carriers), mortgage and trade insurers, courts, and private entities or public agencies that are permitted to provide us with the information
  3. in the course of carrying on a credit reporting business, or
  4. if required by an Australian law or court 

How do we hold credit reporting information?

Once collected, EAISS holds credit reporting information in accordance with Part IIIA of the Act.  To protect that information from misuse, interference and loss, and from unauthorised access, modification or disclosure we use a variety of administrative, physical and technical controls which are monitored and audited.  The Equifax environment is protected using a layered security approach including endpoint security and network controls.  Only authorised employees are granted access to your credit reporting information. We train the employees who handle your credit reporting information to ensure that your credit reporting information is handled appropriately. Our procedures ensure that your credit reporting information is only made available to employees where necessary.  We audit and monitor our employees’ access to, and handling of, personal information.

As far as possible, EAISS takes reasonable steps to ensure that the quality of the credit information it holds is accurate, up-to-date, complete and relevant for its planned purpose.

Where permitted by law, credit reporting information that is held by the CRB is destroyed or de-identified after its legal retention period ends. EAISS may de-identify credit reporting information and use or disclose it for the purposes of conducting research in relation to credit and according to the Privacy (Credit Related Research) Rule 2014 (the Research Rule).  During this research, Equifax will not re-identify or attempt to re-identify the de-identified information. Equifax will destroy the information if it is re-identified unintentionally.

EAISS may derive a credit rating, credit score and/or summary data from your credit information. However, these are generated dynamically at the time of a request and not held by the CRB.  

Our use and disclosure of your personal information

We hold, use and disclose your credit reporting information in accordance with the Act, and to enable us to:

  • carry on a credit reporting business, which may include providing information to you, an authorised access seeker, or a credit provider, mortgage insurer or trade insurer about your credit worthiness (the latter being permitted CRB disclosures), managing the information we hold, conducting investigations arising from complaints or requests for correction of your credit information, pre-screening or conducting research into the use of bureau products and services
  • disclose credit reporting information in the form of credit ratings, credit scores and summary data, as permitted CRB disclosures to credit providers, mortgage insurers, and trade insurers, or to you when required by law or when you are a member of various Equifax personal credit and identity monitoring plans. (For further information, see https://www.equifax.com.au/personal/products/credit-and-identity-products) Financial hardship information is not included in the calculation of such credit ratings or credit scores.
  • use or disclose de-identified credit reporting information for the purposes of conducting research in relation to credit where a permitted purpose exists under the Research Rule
  • disclose, as required, credit reporting information to an external dispute resolution scheme of which EAISS is a member or to the Office of the Australian Information Commission (OAIC)
  • disclose credit reporting information to an enforcement body in circumstances where reasonable grounds suggest that a serious credit infringement has been committed
  • comply with a law or court order

Permitted CRB disclosures of repayment history information and financial hardship information are only made to licensed credit providers and to mortgage insurers. Financial hardship information is not disclosed to credit providers for the purposes of collecting overdue payments, or assessing whether to accept an individual as a guarantor, and is not disclosed to mortgage insurers for the purpose of assessing the risk of an individual defaulting on mortgage credit for which the insurer has provided insurance to a credit provider.

Credit information and direct marketing (pre-screening)

EAISS does not use or disclose your credit reporting information for direct marketing purposes except in the limited circumstances permitted by the Act, namely pre-screening.  EAISS may use your credit information (but not your consumer credit liability information and repayment history information) to assess whether you are ineligible to receive direct marketing communications about consumer credit products from certain licensed credit providers with an Australian link. Credit information is not disclosed to a credit provider during the pre-screening process.

This means that you may receive marketing material from a bank or other licensed credit provider offering you a credit card or other financial service as a result of that credit provider using EAISS’ pre-screening service.  

If you do not wish to receive this type of marketing material you may opt-out by going to www.donotcontact.com.au and filling out the online form.  Alternatively, you may contact EAISS using our contact details below.

Note that not all marketing material you receive from licensed credit providers has used EAISS’ pre-screening service.  Where EAISS’ pre-screening service has been used, our contact details will be included in the marketing material.

Access to credit reporting information

Under the Act you – personally or via an authorised access seeker – have a right to a free copy of your credit reporting information which EAISS holds on you, and your credit rating:

  1. once every 3 months; or
  2. when you have been declined credit by a credit provider wholly or partly because of credit reporting information held by EAISS and you make your request for free access within 90 days of being declined credit and provide EAISS with evidence of the same; or
  3. when EAISS makes a change to your credit reporting information as a result of a correction request made by you

To obtain a free copy of the credit reporting information EAISS holds on you, and your credit rating, please go to https://www.equifax.com.au/personal/products/credit-and-identity-products and click on the Get Now button under the column headed EQUIFAX FREE CREDIT REPORT.  If you do not have access to the internet you may write to us at:

Equifax Public Access
PO Box 964
NORTH SYDNEY NSW 2059

You may also call us on: 138 332

When you make a request for access to your credit reporting information, we are legally obliged to first collect sufficient personal information as evidence to satisfy ourselves that we are disclosing the information to the right individual (you). Therefore, you will need to provide us with sufficient identity information to obtain access. 

In some cases, we may also request documentation to verify your identity. This documentation may include, but is not limited to, a copy of your driver’s licence, passport or birth certificate.

We will respond by post or email within a reasonable period, not longer than 10 days of receipt of your request, unless we specify otherwise.

EAISS' CRB does not hold personal information derived from credit information (such as bureau credit ratings or scores) as this information is dynamically generated at the time it receives a request for this information. If you wish to obtain a bureau score, or a copy of your credit information and credit rating more frequently than once every 3 months, you can subscribe to an Equifax personal credit and identity monitoring plan. Further details available at: https://www.equifax.com.au/personal/products/credit-and-identity-products.

What information we provide

When we provide you with a copy of all credit information EAISS holds on you, we will also provide you with the following information held by EAISS (if any) and governed by the APPs:

  • any commercial credit information EAISS holds on you
  • any public record information EAISS holds on you
  • in addition to the identification information that forms part of credit information, other identification information EAISS may have from commercial credit or public sources including:
    • occupation
    • previous occupation
    • up to 3 commercial addresses
    • up to 3 public record addresses

Your right to request a correction or make a complaint

If you believe that credit information, personal information derived by a CRB from credit information, or personal information derived from credit reporting information disclosed to a credit provider by a CRB, about you, is incorrect, and EAISS holds one of these kinds of information, you may request a correction to that information by visiting the Equifax Correction Portal at https://www.equifax.com.au/personal/corrections-portal.

We recommend that you contact the credit provider, mortgage insurer or trade insurer who provided the information to EAISS (or holds the information) to seek a resolution. If a correction is needed, they will notify us of any required correction. However, if you contact us, we will investigate your dispute and liaise with the relevant third party in order to resolve the matter. Once we have investigated, we will write to you setting out the outcome of that investigation.

You may wish to complain about an act or practice if you believe it to be a breach of Part IIIA of the Act or the CR Code

If you are unhappy with the outcome of Equifax’s investigation or would like to make a complaint, please contact our Internal Dispute Resolutions (IDR) team by:

Online: at www.equifax.com.au/personal/help-centre/complaints

Email: customercomplaintsAU@equifax.com

Mail: Customer Resolutions Team PO Box 12394 Brisbane QLD 4001

Make sure that you sufficiently detail your matter and include your full name, contact details, any reference numbers and relevant supporting documentation. Our IDR team will investigate your matter and contact you to attempt to resolve the matter directly. 
 
We want to do everything we can to resolve your matter, so it's important that you raise it with our IDR team prior to having your matter addressed externally. Raising your matter with Equifax directly will often result in a quicker resolution. Once we have investigated, we will write to you setting out the outcome of that investigation.
 
If you are still not satisfied with our response, you may contact the external dispute resolution scheme of which Equifax is a member, the Australian Financial Complaints Authority (AFCA). Please note that if you have not already done so, AFCA will likely encourage you to work with us before they investigate your complaint. 
 
How to contact the Australian Financial Complaints Authority (AFCA): 
Online:  www.afca.org.au  
Email:  info@afca.org.au  
Phone: 1800 931 678

Interpreter Service: 131 450

  
Mail: Australian Financial Complaints Authority 
GPO Box 3 
Melbourne VIC 3001 
 
When contacting AFCA, we suggest you include the following: 

  • a detailed timeline/chronology of events
  • copies of any correspondence with our Customer Resolutions Team and the credit provider 

You may also make a complaint to the Office of the Australian Information Commissioner (OAIC). 
 
How to contact the Office of the Australian Information Commissioner (OAIC): 
Online: www.oaic.gov.au  
Email:  enquiries@oaic.gov.au  
Fax: 1300 363 992  
Mail: Office of the Australian Information Commissioner   
GPO Box 5218   
Sydney NSW 2001 

Victim of fraud?

If you believe, on reasonable grounds, that you have been or are likely to be, the victim of fraud (including identity fraud), then you may request that EAISS refrain from using or disclosing the credit reporting information it holds on you for a 21 day ban period (unless extended).  We do not charge you for making such a request or for giving effect to it.

If we receive a request from a credit provider during the ban period, we will notify the credit provider making the request that you credit reporting information is subject to a ban at your request.

If you would like to make a ban request, please click here and provide the following information: full name, date of birth, current and previous address, driver’s licence number and your reasons for requesting a ban.

To ensure your personal information is not compromised during the ban period, your information cannot be used or disclosed which may make it more difficult for you to apply for, or access, credit. Please notify any relevant parties if you intent to apply for credit during the ban period.

If we are satisfied that you have been a victim of fraud and we hold information that relates to consumer credit provided as a result of that fraud, then provided we are lawfully permitted to, we will destroy that information and notify you and any relevant credit providers (or third parties) of the destruction.

Further information about your Privacy rights

For further information about credit reporting, please visit the website of the OAIC: www.oaic.gov.au.

This policy documents how we manage personal information and reflects our obligations under Part IIIA of the Act and the CR Code.  All reasonable care is taken to ensure the currency and accuracy of this policy.   However, it does not constitute legal advice, any warranties or representations and is not intended to replace or create any additional rights under contract, statute or equity law.  

Our contact details

If you need to contact us, please use the details below:

Equifax
PO Box 964
NORTH SYDNEY NSW 2059

This policy was last updated in July 2022.