Privacy FAQs for accredited data recipient customers

Tags: accredited data recipients

The OAIC has developed suggested content to help accredited data recipients explain Consumer Data Right privacy protections to their customers.

The information is provided in a Q&A format as a guide for accredited data recipients to use in their customer-facing materials. Accredited data recipients should tailor this suggested content to make it as helpful as possible for their customers. For example, by providing links to relevant documents or online services, such as their Consumer Data Right policy and consumer dashboard.

What is Consumer Data Right?

Consumer Data Right gives you control over information businesses have about you. It allows you to give access to this information to an accredited data recipient – like us – so we can offer products and services tailored to your needs.

Consumer Data Right is an opt-in system. You can choose to give us access to your data and you can withdraw your consent at any time. You control what data is transferred to us and how we can use it. You can also ask us to delete your data at any time.

Consumer Data Right is co-regulated by the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC). The ACCC and the OAIC make sure consumer rights and protections, including requirements around consent and privacy, are enforced. More information on the role of each regulator can be found on the Consumer Data Right website’s About page

What is a data holder and an accredited data recipient?

There are two main types of businesses in the Consumer Data Right system: data holders and accredited data recipients.

A data holder is the business that currently holds your data – for example, your bank. You can direct registered data holders to make your data available to accredited data recipients.

An accredited data recipient is a business that has been accredited by the Australian Competition and Consumer Commission (ACCC) to receive your data from a data holder – only after you have given your consent. The accredited data recipient then uses your data for the purpose you requested. For example, to conduct a product comparison through an app.

We are an accredited data recipient under the Consumer Data Right system. We gained this accreditation by meeting the strict criteria set out by the ACCC.

You can find a list of registered data holders on the Consumer Data Right website’s Find a provider page.

How is your privacy protected?

Strong privacy safeguards are built into the Consumer Data Right system to make sure your data is protected. The Consumer Data Right privacy safeguards set out your privacy rights and the strict obligations on businesses collecting and handling your data.

We can handle your Consumer Data Right data as we have been accredited by the Australian Competition and Consumer Commission (ACCC) and meet strict requirements for:

  • obtaining your consent
  • data collection, usage and storage
  • information security
  • protecting your privacy.

Obtaining your consent

We will only collect your data from another business if we have your express consent. You can withdraw your consent at any time.

Data collection, usage and storage

We will only collect and use your data to provide the product or service to you that you requested. We will make it clear on our website and app when we collect your data.

If you withdraw your consent, we will stop using your data and delete or de-identify any previously collected data, unless an exception applies. 

Information security

We meet strict information security requirements. This includes ensuring your data is protected from misuse, interference and loss, as well as from unauthorised access, modification or disclosure.

Protecting your privacy

Your data is transferred via a secure online system to protect your privacy and information.

You have a number of other privacy rights under Consumer Data Right. For example, we must not send your data overseas, unless an exception applies.

You can find out more about your privacy rights in this fact sheet.

How do you give consent?  

Informed and voluntary consent is an important part of safeguarding your privacy.

We can only access your data if you consent to transfer it to us. We will present the information you need to make your decision in a clear and concise format. Before you give us consent to access your data, you should read this information and make sure you understand how your data will be used.  

You always have control over whether you give consent to share your data. Your consent will always be for a specific use and time period (no longer than 12 months). You can withdraw your consent and stop sharing data with us whenever you choose. More information on how consent works can be found on the Consumer Data Right website’s How it works page.

How can you manage your Consumer Data Right data?

Our Consumer Data Right policy outlines how we manage your data. You can access the policy through our website and app.

We will also provide you with an online service on our website and app where you can see:

  • exactly what information you are giving us access to and how it will be used
  • who will have access to your data
  • how long they will have access to your data
  • how you can manage and withdraw your consents.

How can you make a complaint?

If you think we have mishandled the Consumer Data Right consent process, compromised the security of your data, or breached your privacy, you have the right to make a complaint. Our Consumer Data Right policy includes advice on how to complain to us, as well as the steps we will take to resolve your complaint.

You should complain to us and give us an opportunity to respond before taking further action. When you contact us, you should identify yourself and provide any relevant reference numbers, give a brief description of the issue, and let us know what you would like us to do to resolve the matter. You can find an example complaint letter on the Office of the Australian Information Commissioner’s (OAIC) website. We will do our best to respond within 30 days.

If we fail to respond within a reasonable period (usually 30 days), or you are not satisfied with our response, you can complain to the OAIC. The OAIC regulates the privacy aspects of the Consumer Data Right system to make sure consumer privacy rights are protected

You can lodge your complaint through the Consumer Data Right website’s Contact us page. If you need assistance, you can call the OAIC directly on 1300 363 992.

You also have the right to get legal advice and take your own legal action.

 

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at websitefeedback@oaic.gov.au