Date last updated: June 2019
Equifax Limited (“Equifax”, “we”, “our” and “us”) is committed to protecting the privacy of the developers visiting this Developer Portal Website (‘Website’).
“Personal data” is any information that relates to an identifiable natural person. Your name, address and contact details are all examples, if they identify you. The term “process” means any activity relating to personal data, including (for example) its collection, storage, transfer or other use.
We are a “Controller” of your personal data. This means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure that it is used in accordance with data protection laws.
WHAT TYPES OF PERSONAL DATA DO WE PROCESS AND WHERE DO WE GET IT?
We will ask for some personal details prior to setting You up with a Developer Portal Account. If any of your personal data changes, please inform us without delay by contacting UKAPITeam@equifax.com
Equifax may collect and/or receive the following types of information in connection with your use of the Website:
|Category||Type of personal data||Where collected from|
||You directly (e.g. where prompted to provide such information or when you contact us through the Website)|
||The device you use to access the Website|
Please be aware that there are aspects of this Website that you will be required to provide certain personal data in order to take advantage of some functionality, such as to view product information, API documentation, training tutorials, code samples and available downloads.
WHAT DO WE DO WITH YOUR PERSONAL DATA AND WHY?
We process your personal data for particular purposes in connection with your use of our Website, your communications with us or other engagements you may have with us, and the management and administration of our business.
We are required by law to always have a ‘lawful basis’ (meaning a reason or justification) for processing your personal data. There are a number of lawful basis set out in data protection law but we consider the following to be most relevant to our processing of your personal data:
- The processing is on the basis of your consent (“Consent”)
- The processing is necessary in order for us to enter into or perform a contract with you (“Contract”)
- The processing is necessary to comply with a legal obligation (“Legal Obligation”)
- The processing is necessary for the purposes of legitimate interests pursued by us or third party, and these are not overridden by your interests or fundamental rights (“Legitimate Interest”)
The table below sets out the purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.
Please note that where we have indicated that our use of your personal data is necessary for us to comply with legal obligations or for us to take steps, at your request, to enter into an arrangement with you (or perform it), and you choose not to provide the relevant personal data, we may not be able to enter into or continue our arrangement with you. Practically, this may mean that you are not able to access certain areas of our Website or receive certain services.
|Purposes of processing||Consent||Contract||Legal Obligation||Legitimate Interest|
|Using your Contact Information to respond to your enquiries and/or complaints||
|Using your Contact Information to send you information relevant to any services your receive from us||
|Using your Contact Information to send you direct marketing as set out in the section ‘HOW DO WE COMMUNICATE WITH YOU’ (below)||
|Using Website Information to ensure the operation and performance of the Website (please also see the ‘COOKIES’ section below)||
|Using Website Information to improve the functionality of the Website||
|Using Contact Information, Website Information and/or User Information to enable you to create accounts and log-in or otherwise gain access to services through the Website||
|Using any relevant personal data to establish and enforce our legal rights or to comply with a court order, law enforcement requirement (or other legally mandated request) or legal obligation||
|Using any relevant personal data for our general record keeping and Website user management||
|Using any relevant personal data in relation to the managing the proposed or actual sale, restructuring or merging of any or all part(s) of our business||
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent, we will stop processing your personal data for that purpose unless there is another lawful basis that also applies and which we are relying on – in which case, we will let you know.
We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable (thereby creating anonymized data). Anonymized data is not personal data and we may use such data to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand and improve the use of our Website.
WHO DO WE SHARE YOUR PEROSNAL DATA WITH AND WHY?
Equifax may share your information with the following entities:
Affiliates and Third Parties: Equifax may share your information with its affiliates—companies that control are controlled by, or under common control with Equifax —as well as selected third parties with whom Equifax works.
These recipients within and outside our group, may be processing your personal data on our behalf as a Service Provider (see below) or they may be processing it for their own purposes as a controller in their own right.
We have summarised below the categories of recipients with whom we are likely to share your personal data.
Service Providers: Equifax may share your personal data with entities that provide services to it, such as vendors and suppliers that provide Equifax with technology, services, and/or content for the operation and maintenance of the Website. Access to your personal data by these service providers is limited to the information reasonably necessary for the Service Provider to perform its limited function. Equifax takes steps to help ensure that Service Providers keep your personal data confidential and comply with Equifax’s privacy and security requirements.
Disclosure for Legal Reasons or as Necessary to Protect Equifax: Equifax may release personal data to other parties: (1) to comply with valid legal requirements such as laws, regulations, search warrants or court orders; (2) in special cases, such as a physical threat to you or others, a threat to public security, or a threat to Equifax’s system or network; or (3) cases in which Equifax believes it is reasonably necessary to investigate or prevent suspected or actual harm, abuse, fraud, or illegal conduct.
Changes in Equifax’s corporate structure: If all or any part of Equifax is sold, merged or otherwise transferred to another entity (including a transfer of Equifax’s assets), the personal data you have provided to Equifax may be transferred as part of that transaction.
WHERE IN THE WORLD IS YOUR PEROSNAL DATA TRANSFERRED TO?
Equifax is a UK based company and the majority of our processing of your personal data takes place within the UK. However, Equifax is part of a global group of companies and it may transfer your personal data to other group members outside of the UK and/or the European Economic Area. In addition, some of our Service Providers (please see above) may have processing operations in other jurisdictions.
Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your personal data as is provided to it under UK laws.
Non-UK Users: This Website is intended for users within the United Kingdom. If you use this Website from outside the United Kingdom, please be aware that information you provide to Equifax or that Equifax obtains as a result of your use of this Website may be processed and transferred to the United Kingdom and be subject to the laws of the United Kingdom.
HOW DO WE COMMUNICATE WITH YOU?
We will use your personal data in order to communicate relevant information in relation to your use of the Website or to respond to any queries or complaints you may have.
In addition, we would like to keep your business up to date with the products and services that we provide.
We therefore use your email address to send relevant marketing materials to your business. If you do not want to receive such communications, you will be given the option opt-out when you first access the portal through our Website.
You can also opt-out of receiving marketing communications are any time by either contacting us (please see the HOW TO CONTACT US SECTION, below) or following the instructions within the relevant emails.
EFFORTS EQUIFAX MAKES TO SAFEGUARD YOUR PERSONAL INFORMATION
Equifax are committed to protecting the security of your personal information and shall implement appropriate technical and organisational measures taking into account the state of the art , the cost of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of you, as an individual.
HOW LONG DO WE KEEP YOUR PEROSNAL DATA?
We will only retain your personal data for a limited period of time and for no longer than is necessary for the purposes for which we are processing it. For example, we will typically retain personal data in relation to a compliant for at least 7 years so that we are able to defend any subsequent claim or dispute.
In some cases, it may be necessary for us to retain your personal data for longer. The factors that direct how long we will retain personal data include the following:
- any laws or regulations that we are required to follow;
- whether we are in a legal or other type of dispute with each other or any third party
- the type of information held about you; and
- whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
When you visit the Website, we generate session cookies which store browser specific settings for the Website as well as some personal data you enter into the portal (such as your name, phone, and email address).
Please be aware that if your use different devices to view and access the Website (e.g. your computer and smartphone), you will need to ensure that each browser on each device is adjusted to suit your cookie preferences.
Links to Third Party Websites: This Website may provide links to other websites that might be of interest to you. Equifax is not responsible for the security or privacy practices of other websites that you use through these links. You should exercise caution when using such websites, and you should read their privacy policies in order to better understand what information they collect about you and how they use it.
WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?
Data protection law provides you with a number of rights in relation to your personal data (which are summarized below). You can exercise these rights by contacting – please see ‘HOW TO CONTACT US’ below.
In relation to your right to have incorrect data amended, please first seek to amend this data via the ‘My Account’ section of the portal.
Subject to the requirements of applicable laws and certain limitations or exemption, you have the right to:
- access your personal data and be provided with certain information in relation to it, such as the purpose for which it is processed;
- require us to correct any inaccuracies in your personal data without undue delay;
- require us to erase your personal data (please be aware that the right of erasure under data protection law is not an absolute right as it only applies in relation to one or more specific circumstances);
- require us to restrict the processing of your personal data;
- receive the personal data which you have provided to us in a machine readable format, where we are processing it on the basis consent or to comply with a contract with you (please see the above tables) and such processing is automated; and
- object to a decision that we make which is based solely on automated processing of your personal data.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the UK data protection regulator. More information can be found on the ICO website at https://ico.org.uk/
HOW TO CONTACT US