CDR Policy

An overview of our Consumer Data Right Policy


About the Policy

This policy explains consumer’s data rights under the Consumer Data Right (CDR) rules.


Overview of Consumer Data Right Policy

Empowered by governments’ Open Banking initiative, Data Zoo, as an accredited data recipient, will provide digital identity verification and a personal finance management platform that will securely access and process CDR consumers’ personal banking data upon receiving their consent. This process will adhere to CDR rules, which allow consumers to control their data. Data Zoo will only collect CDR data, which is necessary to provide digital identity verification or personal finance management service.


CDR data Processing

Data Zoo will process CDR data for identity verification and personal finance management purposes. The inferred data (i.e. the verification results/ personal finance information) will only be passed to the CDR consumer, who is the owner of the data or another Accredited Data Recipient (ADR) based on the consumer’s consent. Data Zoo will access the following CDR Data:

  • Personal Information
  • Payroll Information
  • Account Information
  • Transaction Details


CDR Data Lifecycle

Data Zoo will not store any data longer than it is needed. Any data derived from CDR data will be deidentified. The CDR data will be staged for the duration of the transaction (i.e., identity verification or personal finance management), and destroyed soon after the result is generated (i.e., yes/no response or income/expense summary). Only the transaction details will be stored for regulatory purposes. The transaction details will not include any CDR data in plain text.


Managing Consumer Consent

All data will be collected based on the CDR consumer’s consent. This consent is captured and managed via Data Zoo’s IDU-X platform. Data Zoo adheres to the security and privacy requirements set out in the CDR rules. No data is stored longer than it is needed. Using Data Zoo’s IDU-X platform, a consumer will be able to provide-

  1. Consent for sharing data: CDR consumers can provide periodic consent (3/6/12 months) to share their data.
  2. Withdrawing consent: CDR consumers can withdraw their consent at any time to prohibit Data Zoo from accessing their CDR data.
  3. Deleting CDR data: Data Zoo does not store any CDR data. Only transaction logs are stored in de-identified form. The transaction records can be deleted upon request.


Consequence of withdrawing consent

Using Data Zoo’s IDU-X platform CDR consumers can withdraw their consent of sharing their CDR data with Data Zoo at any time. Once consent is withdrawn, Data Zoo will stop accessing their CDR data and will not offer its service to those consumers anymore.


Handling Complaint

If you have any queries or complaint regarding how Data Zoo processes your CDR data please raise an official complaint via email to [email protected]. Please include following information while raising complaint.

I. Your name
II. Organization name/ reference number
III. Contact details
IV. Complaints details
V. Attach any relevant supporting document

After receiving the complaint, Data Zoo processes it according to the following steps.

  1. Data Zoo will promptly acknowledge each received complaint and will try to resolve your complaint within five business days.
  2. Data Zoo will investigate the complaints before making any decision. During the investigation process, the relevant information is gathered so that recommendations can be made. If any further information is required from you, Data Zoo will contact you.
  3. If the process takes longer than five business days, Data Zoo will notify the consumer of the reason for such delay and the expected date of a decision. Data Zoo’s responsible officer will provide a written final response to the complainant within 45 days.


External dispute resolution

You can lodge a dispute through the Australian Financial Complaints Authority (AFCA), Data Zoo’s external dispute resolution provider. AFCA provides fair and independent financial services complaint resolution that is free to consumers.

Email: [email protected]
Phone: 1800 931 678 (free call)
Postal Address: Australian Financial Complaints Authority, GPO Box 3, Melbourne,    VIC, 3001

You can also contact The Office of the Australian Information Commissioner if your complaint is about your privacy or how Data Zoo handled your CDR data.

Phone: 1300 363 992
Postal Address: GPO Box, 5218, Sydney NSW 2001


Disclosing CDR data

Data Zoo does not share any CDR data with any other third-party organization. The data derived from CDR data will be shared with only CDR consumer or can be passed onto another ADR upon the CDR consumer’s request.


Notifying Consumer

When a consumer gives consent to collect and use their CDR data or withdraw their consent, Data Zoo will notify the consumer.


Availability of policy

Data Zoo’s CDR policy will be available on our official website


Contact us

You can contact us via:
Email: [email protected]
Phone: +61280144807
Postal Address: Bay8, 1-3 Middlemiss St North Sydney, NSW,2060

    Contact Us

    Simply fill out the form below, and a team member will get back to you shortly.

      Book a Meeting

      Conferences are an opportunity to learn from experts, contribute to a global conversation, and grow your personal network. Meet us at our next conference.

        Join our Newsletter

        We'll keep you up to date with Data Zoo news. No spams here.