An overview of our Consumer Data Right Policy
Overview of Consumer Data Right Policy
Empowered by governments’ Open Banking initiative, Data Zoo, as an accredited data recipient, will provide digital identity verification and a personal finance management platform that will securely access and process CDR consumers’ personal banking data upon receiving their consent. This process will adhere to CDR rules, which allow consumers to control their data. Data Zoo will only collect CDR data, which is necessary to provide digital identity verification or personal finance management service.
CDR data Processing
Data Zoo will process CDR data for identity verification and personal finance management purposes. The inferred data (i.e. the verification results/ personal finance information) will only be passed to the CDR consumer, who is the owner of the data or another Accredited Data Recipient (ADR) based on the consumer’s consent. Data Zoo will access the following CDR Data:
- Personal Information
- Payroll Information
- Account Information
- Transaction Details
CDR Data Lifecycle
Data Zoo will not store any data longer than it is needed. Any data derived from CDR data will be deidentified. The CDR data will be staged for the duration of the transaction (i.e., identity verification or personal finance management), and destroyed soon after the result is generated (i.e., yes/no response or income/expense summary). Only the transaction details will be stored for regulatory purposes. The transaction details will not include any CDR data in plain text.
Managing Consumer Consent
All data will be collected based on the CDR consumer’s consent. This consent is captured and managed via Data Zoo’s IDU-X platform. Data Zoo adheres to the security and privacy requirements set out in the CDR rules. No data is stored longer than it is needed. Using Data Zoo’s IDU-X platform, a consumer will be able to provide-
- Consent for sharing data: CDR consumers can provide periodic consent (3/6/12 months) to share their data.
- Withdrawing consent: CDR consumers can withdraw their consent at any time to prohibit Data Zoo from accessing their CDR data.
- Deleting CDR data: Data Zoo does not store any CDR data. Only transaction logs are stored in de-identified form. The transaction records can be deleted upon request.
If you have any queries or complaint regarding how Data Zoo processes your CDR data please raise an official complaint via email to [email protected]. Please include following information while raising complaint.
I. Your name
II. Organization name/ reference number
III. Contact details
IV. Complaints details
V. Attach any relevant supporting document
After receiving the complaint, Data Zoo processes it according to the following steps.
- Data Zoo will promptly acknowledge each received complaint and will try to resolve your complaint within five business days.
- Data Zoo will investigate the complaints before making any decision. During the investigation process, the relevant information is gathered so that recommendations can be made. If any further information is required from you, Data Zoo will contact you.
- If the process takes longer than five business days, Data Zoo will notify the consumer of the reason for such delay and the expected date of a decision. Data Zoo’s responsible officer will provide a written final response to the complainant within 45 days.
External dispute resolution
You can lodge a dispute through the Australian Financial Complaints Authority (AFCA), Data Zoo’s external dispute resolution provider. AFCA provides fair and independent financial services complaint resolution that is free to consumers.
Email: [email protected]
Phone: 1800 931 678 (free call)
Postal Address: Australian Financial Complaints Authority, GPO Box 3, Melbourne, VIC, 3001
You can also contact The Office of the Australian Information Commissioner if your complaint is about your privacy or how Data Zoo handled your CDR data.
Phone: 1300 363 992
Postal Address: GPO Box, 5218, Sydney NSW 2001