Adatree Consumer Data Right Policy

Adatree Consumer Data Right Policy

• Consumer Data Right Policy Overview

  This Consumer Data Right (CDR) Policy (the Policy) explains how Adatree Pty Ltd
  (Adatree) can collect, use, hold and disclose your data that you consent to sharing
  with us. This ensures transparency and trust between all parties, as well as ensuring
  the quality, integrity and security of your personal information under applicable CDR
  legislation and Privacy Laws.

  
  Please refer to the Privacy Policy on our website for information on our management
  of your personal information.

• What is the CDR?

  The CDR (Consumer Data Right) gives you control about the data that you share
  with other banks and financial institutions. This is often referred to as Open Banking.
  It helps you send your data to other companies with your full consent, knowledge
  and control in a secure way. The intention is that you can help find the best products,
  prices, suitable and to help switch to new products and services.

  
  Open Banking will allow you to ask that your data be sent to other banks, financial
  institutions and authorised organisations when you want to. You control who holds
  your data and how it is used.

• Your rights as a consumer regarding your data

  As a consumer you have control over who you can share your data with. Any data
  recipient is accredited by the ACCC and is subject to ongoing processes, internal
  dispute resolution, information security, service-level agreements, audit and other
  requirements by the Data Accreditation Body.

  
  You may choose to share your data that is held by an existing data holder (for
  example, a banking institution) with an accredited data recipient (for example,
  another banking institution or a fintech).

  
  Adatree is able to use or disclose (by sale or otherwise) the de-identified redundant
  data without seeking further consent from you.

• Granting and managing consent

  Should you choose, you can consent to share your data with a data recipient.

  You have rights to choose the following about sharing:

  • which data types (for example, profile, payments, transaction or product
    information);
  • how long you will share your data for, whether one-off share or ongoing
    sharing;
  • whether you opt in to receiving direct marketing related to the data shared;
    and
  • election of deletion of redundant data, if an alternative de-identification of data is offered.

  Consent may only last for a maximum of twelve (12) months, until the time that you
  withdraw consent, re-grant consent or the consent expires.

  You may view and manage your consent in the consent dashboard of either of the organisations that receive or send your data.

• Withdrawing consent

  You may withdraw your consent at any time. You can withdraw your consent in multiple ways, including:
  

  • Through the data recipient consent dashboard;
  • Through the data holder consent dashboard; or
  • In writing to either party.

  The consent revocation must be completed within two business days if notified in
  writing. If revocation occurs through the consent dashboard, the dashboard will be
  updated in near real-time to reflect your change in consent status (for example,
  active, expired or withdrawn).

  If the consent is withdrawn, we will delete your data.

  If you withdraw your consent, the services provided to you by the Data Recipient
  may cease.

• Deletion of your data

  Legislation requires that Adatree adheres to the data minimisation principle, which
  requires that only the required data is held as long as needed. This is related to the
  purposes stated for data capture.

  If you give consent to an accredited data recipient to collect and use their CDR data,
  you may elect that your collected data, and any data derived from it, be deleted
  when it becomes redundant. This can be managed when consent is given or during
  the consent lifecycle before consent is withdrawn or expired.

• Disclosing your data to outsourced parties

  Adatree does not disclose your data to any parties. If this does change, this list will
  be updated based on any changed arrangements with outsourced parties.

• Where your data is stored

  Your data is stored onshore. Copies of your data is only stored in Australia. 

  This list will be updated based on outsourced parties and their storage policies. 

• Resolving your privacy concerns and complaints – your rights

  If you have a question or complaint about how your personal information is being
  handled by us, our affiliates or contracted service providers, please contact us first by
  using the contact details provided below.

  We will acknowledge your complaint as soon as we can after receipt of your
  complaint. We will let you know if we need any further information from you to
  resolve your complaint.

  We aim to resolve complaints as quickly as possible. We strive to resolve complaints
  within five (5) business days but some complaints may take longer to resolve. If your
  complaint is taking longer, we will let you know what is happening and a date by
  which you can reasonably expect a response.

  If you are unhappy with our response, you can contact our Complaints Officer who
  can conduct an independent review of your matter. The contact details are
  complaints@adatree.com.au.

  Raising your issue with our Complaints Officer does not preclude you from raising
  your issue at any time with external disputes schemes or relevant regulators whose
  details are set out below.

  Under the Privacy Act you may complain to the Office of the Australian Information
  Commissioner (OAIC) about the way we handle your personal information. Please
  note the OAIC requires any complaint must first be made to the respondent
  organisation. The law also allows 30 days for the respondent organisation to deal
  with the complaint before a person may make a complaint to the OAIC.

  The Commissioner can be contacted at:

  Office of Australian Information Commissioner
  GPO Box 5218
  Sydney NSW 2001
  Phone: 1300 363 992
  Email: enquiries@oaic.gov.au
  www.oaic.gov.au

  The Australian Financial Complaints Authority (AFCA) can consider certain privacy complaints relating to either the provision of credit or credit reporting information in
  general.

  The contact details for AFCA are set out below:

  
  Online: www.afca.org.au
  Email: info@afca.org.au
  Phone: 1800 931 678 (free call)
  Mail: Australian Financial Complaints Authority GPO Box 3 Melbourne VIC
  3001

• Contact Us

  You can contact us in the following ways:
  

  • by calling us on (02) 8005 1826
  • by email at hello@adatree.com.au
  • in writing to 233 Castlereagh Street, Suite 8.01, Level 8, Sydney NSW 2000

• Policy Versioning

  Last Reviewed: November 21, 2020