Privacy Policy (New Zealand)
Purpose
Equifax New Zealand Information Services and Solutions Limited, and its related companies in New Zealand (“Equifax” or “We”) are committed to respecting your privacy.
This Privacy Policy sets out how we collect, use, store and disclose your personal information, which includes your credit information, in accordance with the Privacy Act 2020 ("Act") and the Credit Reporting Privacy Code 2020 ("Code").
You have rights under the Act and the Code in relation to your credit information and other personal information. These include privacy principles and rules in relation to, the collection, use, disclosure, access and correction of information relating to individuals.
By providing your personal information to Equifax or its subscribers, you agree to this Privacy Policy. We may update this Privacy Policy from time to time by publishing a new version on our website.
What information do we collect and how do we collect it?
"Personal information" is defined in the Act as "information about an identifiable individual". All personal information we collect is collected in accordance with the Act.
The personal information we collect to operate our consumer credit reporting business must also comply with the requirements of the Code. This personal information is referred to as "credit information" under the Code. You have certain additional rights about credit information we hold about you. Your rights are summarised in this Privacy Policy and the Summary of Rights. A copy of the Summary of Rights, in accordance with Schedule 5 of the Code, is available on our website https://www.mycreditfile.co.nz/summary-of-rights.
We keep credit information collected for our consumer credit reporting business separate from the rest of the personal information we collect. We do not use personal information collected for another purpose for our consumer credit reporting business without your consent.
Credit information
The Code sets out the type of credit information we may collect, which may include the following:
- Full name and any alias or previous names;
- Last reported and previous addresses;
- Date of birth;
- Gender, employer, and occupation (current and previous);
- Driver’s licence details;
- New Zealand Business Number (NZBN);
- Information relating to identification documents reported lost or stolen or otherwise compromised;
- Company directorships (if any);
- Information about credit enquiries made by subscribers and when (if any);
- An access log relating to each access to credit information;
- An Equifax generated credit score;
- Details of payment defaults, serious credit infringement information or credit non-compliance action; information (if any);
- Debt repayment orders or District and High Court judgments for monies owed (if reported by the Mercantile Gazette);
- Insolvency information (if any);
- Information sourced from a specified public register; and
- Information about any credit accounts you have and your repayment history for those accounts.
Equifax collects credit information directly from the individual concerned, from our subscribers (who are mostly banks, finance houses and other credit providers, or debt collectors enforcing a debt owed by the individual concerned) or from public sources, such as the Mercantile Gazette and public register databases where the Code permits this.
Our subscribers may supply your name, addresses, date of birth, gender, employer, occupation, drivers’ licence and the type of account you applied to them for. Details may also be provided relating to the conduct of your account. Your gender, employer details occupation, drivers’ licence and NZBN are not reported back to subscribers and this information is only used to confirm information provided to us by a subscriber.
Other personal information
When you visit or use our website, we collect information relating to your machine or device, the date and time you are visiting and the pages you view. This information may be collected by using cookies and is subject to our Cookies Policy. You can set your browser to refuse cookies, but this may mean you won't be able to take full advantage of our website.
We might also collect information from you when you contact us (over the phone, through email or letter) or visit our website. We generally record inbound and outbound telephone calls for operational purposes such as complaint handling and reporting, quality assurance and staff training. The information we collect from you may include your name and contact details, email communications, and your written and verbal interactions with us.
We also collect other personal information directly from you when you sign up for our Secure Sentinel service, which offers solutions for identity theft and fraud prevention. The personal information we collect can include:
- Name;
- Date of Birth;
- Driver's Licence;
- Gender;
- Latest Address;
- Previous Addresses;
- Occupation;
- Credit Card details;
- Email address;
- Home phone number;
- Mobile phone number;
- Fax number; and
- Information about your mobile phone(s), financial cards and passport.
If Equifax does not collect your personal information, Equifax may not be able to provide its products or services to or in connection with you.
How do we use your information?
We will use your credit information for the purpose of carrying out our consumer credit reporting business. Equifax may also use your credit information in other circumstances as permitted under the Code. Examples of this include:
- the use of the information for that other purpose is authorised by the individual concerned;
- that the source of the information is a publicly available publication and that, in the circumstances of the case, it would not be unfair or unreasonable to use the information;
- to avoid prejudice to the maintenance of the law by any public sector agency;
- for the enforcement of a law that imposes a pecuniary penalty;
- for the protection of public revenue; and
- for the conduct of proceedings before any court or tribunal.
In accordance with the Code, we will not use your credit information for any purpose relating to marketing, direct marketing or the facilitation of marketing by other agencies.
We may use your other personal information for any purposes you authorise, or for a purpose which is directly related to the purpose in connection with which the information was obtained, including for the following purposes:
- to provide you with a service or product that you have requested;
- to provide direct marketing services;
- to improve customer experience (including on our website) and train our staff;
- to investigate or analyse incidents;
- to meet our legal and ethical obligations; and
- to manage and monitor our risks, including identifying and investigating any illegal activity.
When do we disclose your information?
We will not disclose your credit information to third parties, except where permitted by the Code. Some examples are:
- where you have authorised the disclosure and the disclosure is to a credit provider, prospective landlord, prospective employer or a prospective insurer;
- to a debt collector for the purpose of enforcing a debt owed by you;
- where it is necessary to avoid prejudice to the maintenance of the law by any public sector agency;
- where it is necessary to enable an insurer to investigate a case of suspected insurance fraud; and
- where the credit information being disclosed consists solely of information sourced from a publicly available publication.
In accordance with the Code, we will not disclose your credit information to any other agency for any purpose relating to marketing or direct marketing.
We will not disclose your other personal information to third parties, except where it is permitted under the Act or where:
- you have authorised the disclosure;
- disclosure is required so that we can provide you with a service that you have requested;
- disclosure is necessary to review and improve our services;
- disclosure is required to provide the information by law, or is necessary to prevent a threat to health, security or safety; and
- it is necessary for a function of Equifax, such as for a legal or auditing purpose.
In providing our Secure Sentinel service, we may disclose your personal information to your third party providers, such as your financial institutions, or mobile phone provider.
Generally, before Equifax discloses your credit or personal information to any third party outside Equifax, the third party to whom the information is disclosed must be a customer, or a service provider providing us services. However, there may be circumstances where we are required or authorised by law to disclose your credit or personal information to someone who is not a customer, for example to a tribunal, court, law enforcement agency or government department.
As part of a global group providing services to customers and in dealing with our customer relationships, Equifax may disclose or provide access to personal information, not including credit information, of an organisation’s employees, contractors or other service providers, as made known to us by that organisation, to overseas entities. This occurs, for example, where we have engaged overseas entities to provide services (including technology, operations, billing, administrative and customer support services) to us, and they need to access that personal information to provide those services. Many of those overseas entities are related to us. A list of the countries in which Equifax group entities are located can be found on our parent’s website at https://www.equifax.com/about-equifax/company-profile/. We may also, in some circumstances, disclose such personal information to our clients in locations overseas.
By dealing with us, an organisation or other business entity acknowledges that these service arrangements may result in personal information provided by it or collected about such persons being disclosed to or used by an overseas recipient and that:
- the overseas recipient may not be required to protect that personal information in a way that provides comparable safeguards to those under the Privacy Act;
- the overseas recipient may be subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority (for example, under the USA PATRIOT Act), and the individual may not be able to seek any redress in that overseas jurisdiction; and
- we will not be accountable under the Privacy Act, and an individual will not be able to seek redress under the Privacy Act, if the overseas recipient handles their Personal Information in breach of the Privacy Act.
By dealing with us, the organisation or other business entity – on behalf of those individuals – consents to any such disclosure and warrants that it has satisfied itself that our overseas disclosure of personal information is compatible with and satisfies any privacy policy or other privacy statement or requirement that it operates under.
We may store your credit information and other personal information in New Zealand or in Australia and may use Equifax’ related companies in Australia and cloud storage providers as our agents, where your credit information is geofenced to Australia. Data storage architecture employed by cloud service providers also means that personal information, other than credit information, contained in some communications with us, or in certain types of documents, may be held in multiple other overseas locations.
How we store and protect your information
Our customers may access your credit information held by Equifax by subscription only. The access is subject to contractual terms and conditions. Access to other personal information is subject to your consent, or is publicly available, or is subject to contractual terms and conditions. These include compliance with the Privacy Act and other relevant legislation.
We may hold your credit and personal information in paper or other physical form, but it is usually held in electronic form on our systems. To ensure your credit and personal information is secure, we use industry standard security and encryption to protect the personal information we hold on you. Furthermore, only authorised employees are granted access to your credit and personal information in our systems. We train the employees who handle your credit and personal information to ensure that your information is handled appropriately. Our procedures ensure that your credit and personal information is only made available to employees where appropriate in the course of delivering our services.
Duration of storage
We report and retain your credit information for the periods prescribed in Schedule 1 and Rule 9 of the Code, as set out in the table below:
Types of Credit Information | Maximum Reporting Period | Maximum period Equifax can retain it |
---|---|---|
Lost, stolen or compromised identification documents information | 5 years from date of report | 6 years from date of report |
Credit application information | 5 years from date of application | 6 years from date of application |
Credit account information (other than repayment history information) | 2 years from date credit account closed | 3 years from date credit account closed |
Repayment history information | 2 years from month following due date of periodic payment | 3 years from month following due date of periodic payment |
Credit default information relating to debtor credit default | 5 years from date of default | 6 years from date of default |
Credit default information relating to guarantor credit default | 5 years from date of notification of debtor’s default to guarantor | 6 years from date of notification of debtor’s default to guarantor |
Serious credit infringement information | 5 years from date of action | 6 years from date of action |
Credit non-compliance action information | 6 months from date of action | 18 months from date of action |
Confirmed credit non-compliance action information | 5 years from date of action | 6 years from date of action |
Judgments | 5 years from date of judgment | 6 years from date of judgment |
Single bankruptcy | 4 years from date of discharge from the no asset procedure | 5 years from date of discharge from the no asset procedure |
Single entry to no asset procedure | 4 years from date of discharge from the no asset procedure | 5 years from date of discharge from the no asset procedure |
Multiple No Asset Procedures (NAPs) or Bankruptcy events (as provided in the Insolvency Act 2006, section 449A) | Indefinite | Indefinite |
Debt repayment orders | 5 years from date of order | 6 years from date of order |
Previous enquiry record | 4 years from date of enquiry | 5 years from date of enquiry |
Credit score | 2 working days from date of creation | 12 months and 2 working days from date of creation |
All other personal information shall be held for no longer than is required for the purpose for which the information was initially collected.
How do you access or correct your information?
You, or a representative on behalf of you, may request access to any credit or other personal information that we hold about you. We must provide you your credit information within 10 working days of any such request.
If you want your credit information quickly (within three working days) you may be required to pay a maximum charge of $10 (incl GST), but otherwise no charge may be made.
Please visit www.mycreditfile.co.nz to make a request for your credit information.
We take reasonable steps to ensure the accuracy of credit information we hold about you and must act promptly to correct any errors we become aware of. This will usually involve checking the information you provide with the source, such as a subscriber (or creditor) who submitted a default.
If you think there are inaccuracies in your credit file there are steps you can take to request that we correct or investigate these. These steps are outlined in the My Credit File Explained brochure, which is provided to you with your credit file.
We must, as soon as is reasonably practicable, decide whether to make the correction you have requested or to confirm the accuracy of the information. If we need longer than 20 working days to make a decision, we must notify you of the extension and the reason for it. If the requested correction is not made, we must tell you the reason and you may ask to have a statement of the correction sought but not made. This statement will be included in your credit file.
If a correction is made or a correction statement added, we will send an amended report to any Equifax subscriber recorded as having accessed your credit file within the last 30 days.
We note that a credit file describes your credit history, not simply your current debts. Information about a bankruptcy that has been discharged or a default that has subsequently been paid in full can continue to be reported on your credit file provided it is updated to reflect the later developments, as it remains an accurate statement of those historical events.
Complaints procedure
Equifax has a complaints procedure in place that we must follow if you believe we have breached the Act or the Code. The objective of our complaints procedure is to facilitate the fair, simple, speedy and efficient resolution of complaints.
Under our complaints procedure:
- We will acknowledge your complaint in writing within 5 working days of receipt, unless it has been resolved to your satisfaction within that period.
- Within 10 working days of acknowledging your complaint, we will decide whether or not the complaint is justified, or if additional time is needed, we will advise you of this and the reasons why.
- On completion of our investigation, we will advise you of our decision, the reasons for it and any action we propose to take.
If you have used our complaints procedure and are not satisfied with our resolution you may provide us further information to consider, or you may choose to complain to the Privacy Commissioner who has statutory powers to investigate the matter. Some cases that cannot be settled can be taken to the Human Rights Review Tribunal.
How do I find out more about my information held by Equifax?
If you have any access requests, corrections, complaints or any other queries about your credit information, please contact the Public Access Team on:
Free phone line: 0800 692 733
Email address: publicaccess.nz@equifax.com
Web address: www.mycreditfile.co.nz
Postal address:
Equifax New Zealand Public Access
Private Bag 92156
Victoria Street
Auckland.
How do I find out more about my information held by Secure Sentinel?
For further information about Secure Sentinel, please contact Secure Sentinel on:
Free phone line: 0800 449 777
Email address: customerservice@secresentinel.com.au
Web address: www.securesentinel.co.nz
Postal address:
Secure Sentinel
Private Bag 92156
Victoria Street
Auckland.
Direct marketing from Equifax
If you do not wish to receive direct marketing via Equifax, please contact us using the following and request to be suppressed from our database:
Free phone line: 0800 698 332
Email address: DoNotContactNZ@equifax.com
Postal address:
Equifax Marketing Services
Private Bag 92156
Victoria Street
Auckland.
This Privacy Policy was last updated in July 2021.