Close this search box.

Consumer Data Right Policy

The Consumer Data Right is designed to keep your data secure and protect your privacy.

The Consumer Data Right (CDR) was introduced by the Australian Government to give consumers more choice and control over how their data is shared.

Under the Competition and Consumer Act 2010 and the Competition and Consumer (Consumer Data Right) Rules 2020 (CDR Laws), consumers can ask for their data to be securely transferred to an accredited provider so they can investigate, compare and access services more easily. In the banking sector, this is called “Open Banking”.

The Australian Competition and Consumer Commission, or ACCC, is the lead CDR regulator. You can find more about the CDR system on the ACCC’s website.

About us

Cairns Penny Savings & Loans Ltd trading as Cairns Bank (ABN 68 087 933 757) (we, us, our) is a CDR participant. CDR participants includes data holders and accredited data recipients:

  • A data holder is a business that holds consumer data and must transfer the data to an accredited data recipient at the consumer’s request.
  • Under the CDR system, consumers consent to a transfer of their data from a data holder to an accredited data recipient. An accredited data recipient has been accredited by the ACCC to receive consumer data to provide a product or service. Examples of accredited organisations include banks and other financial institutions.

We are currently a data holder. This means we will share your data with an accredited organisation, but only when you authorise us to do so.

About this policy

Under the CDR Laws, all CDR participants must have a CDR policy that is a separate document to its Privacy Policy. We have put together this CDR Policy to provide you with information about:

  • how we manage your CDR data;
  • how you can access and correct your CDR data;
  • how to request general product data; and
  • how you can make an inquiry or make a complain, if needed.

All reference in this policy to data relates to data in the context of the CDR, which is called CDR data, and includes information about you such as your name and contact details, as well as detailed information about your use of specific product or service. This is explained below.

Our Privacy Policy continues to govern how your personal information is managed.

We will review this CDR Policy annually and we make changes to it from time to time (without notice to you) that are necessary for our business requirements or the law. Our current CDR Policy is available on our website and in our branch. You can request us to provide this policy to you electronically or in hard copy.

Access to your CDR data

We are required to publish Product Reference Data containing specific “required product data”. Under the CDR Laws, this is public information about the products and services that we offer, such as home loans, commercial and personal loans, transaction and savings accounts and term deposit accounts. This generally includes information about the eligibility criteria, terms and conditions, price, availability or performance of a product. Because this information is generic in nature, it does not specifically relate to you or identify you.

This information is available to anyone via Application Programming Interfaces (APIs) connected to specified endpoints as set out in our website.

Voluntary data

We will only share data that we are required to share under the CDR Laws. This means we will not share any “voluntary data”.

In the future, we may accept requests for some types of voluntary data. We may charge a small fee to cover our costs if we provide access to voluntary data, but will notify you of the fee first.

Correcting your CDR data

If you believe your CDR data is incorrect, incomplete or out of date, you can request that we update the information by using the details listed under “Contact us” below.

We will confirm that we have received your request by acknowledging as soon as possible. We will then aim to let you know in writing within 10 business days whether we corrected your CDR data, or, if we found it to be correct, complete and current, we will let you know and explain why, and provide options available to you to escalate the matter.

If we have shared your CDR data with an accredited organisation with your authorisation, and later discovered that the CDR data we shared was not correct, we will notify you of this in writing within 5 business days. The corrected CDR data will be shared the next time it is requested. If you would like to receive your corrected CDR data, you can ask the accredited organisation to request it again in the manner described above.

If you would like us to update your personal information, which is governed by our Privacy Policy, you can contact us by phone, in the branch or by email.

Questions and complaints

If you have any questions, concerns or complaints about this CDR Policy, or our handling of your CDR data, please contact us by using the details listed under “Contact us” below.

You can make a complaint over the phone, in writing or in person, by using the details listed under “Contact us” below. Once a complaint has been lodged, we will respond to you as soon as possible. We will aim to deal with your complaint at the source of your complaint. If you are not satisfied with the response you receive, please let us know and we will investigate further and respond to you.

If an issue has not been resolved to your satisfaction, you can contact the Office of the Australian Information Commissioner, or OAIC, being the primary complaints handler for the CDR system. You can also contact our external dispute resolution scheme, the Australian Financial Complaints Authority, or AFCA. OAIC’s and AFCA’s service is free to access, and their contact details are:

Post: GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992

Post: GPO Box 3, Melbourne VIC 3001
Telephone: 1800 931 678 (free call)

What to include in your complaint

When making your complaint to us, please:

  • identify yourself;
  • include your contact details (address, email, phone number);
  • the date (if you are lodging a complaint in writing);
  • give any identification or reference number(s), such as your member number;
  • give a brief description of the matter and why you think we have mishandled your CDR data (what happened, when it happened and any consequences); and
  • let us know what you would like us to do to resolve the matter.

Please provide as much information as possible to help us manage your complaint.