Icon

Consumer Data Right (CDR) Policy

 

Consumer Data Right (CDR) Policy

As a member-owned business we’re committed to being as open and honest as possible when it comes to how we deal with your information. This Consumer Data Right Policy (CDR Policy) sets out how you may access and correct certain types of information that we hold on you, how to make a complaint and how we deal with complaints. This CDR Policy only relates to our obligations under the CDR Regime. For information on how we manage your personal information generally and the rights you have under the Privacy Act you should refer to our Privacy Policy.

Legal Background

The Consumer Data Right has been implemented by amending the Competition and Consumer Act and the Privacy Act. The CDR Rules and Privacy Safeguards set out the detailed obligations of organisations that hold your data (“data holders” like CUA), those that want to collect your data (“accredited data recipients”) and those that facilitate the transfer (“designated gateways”).

When is it available to CUA members?
Product information – August, 2020

Information about our savings, transactions, term deposit and credit card products including features, eligibility, rates and fees will be available in 2020. Other products such as home, personal and business loans will become available over time.

Member and account transaction data – July 2021

It is expected that CUA members will start getting access to share their data from July 2021, starting with information about themselves and their savings, transactions, term deposit and credit card accounts.

How does it work?

Another business may want information about you so that they can offer you their services. They will ask for your consent to collect that information and will then forward that consent on to us. We will then contact you to verify your instructions before releasing your information.

It is important that you know the data that the other organisation is collecting and the purpose behind the collection. Every organisation participating in CDR must have a CDR Policy and before you consent to us sharing your information you may want to read their CDR Policy. You can ask us to stop sharing your information at any time and the easiest and quickest way to do this is through online or mobile banking.

We don’t currently accept requests for voluntary product data or voluntary consumer data.

Access and Correction Requests

Under the CDR you have the right to access certain types of information we hold on you, including your contact details, the products you hold and your transactions. We manage these requests in the same way that we manage requests for information under the Privacy Act more generally. You can contact CUA to see the information we hold on you. To do this please call us on 133 282, reach out to your iM CUA consultant or visit your nearest branch. If you believe the information we hold is incorrect you can ask us to correct it. We will acknowledge a request to correct information as quickly as possible and within 10 business days we will either update the information, include a qualifying statement with it or leave it as it is if we believe it to be correct. Our written response will let you know what we have done, and if we haven’t changed your information we’ll let you know why. Our response will also provide you with information on how to make a complaint about the way we handled your request.

Complaints and Feedback

We manage privacy and CDR complaints and feedback in accordance with our standard feedback process. Complaints will be acknowledged within 1 business day and we will endeavour to resolve your complaint within 5 business days. If your complaint hasn’t been resolved to your satisfaction within 5 business days you can refer to the matter to our Internal Dispute Resolution (IDR) team. This team can be contacted here, by calling 07 3552 4743 or by writing to Member Advocacy, GPO Box 100, Brisbane QLD 4000.

The IDR team aims to settle all disputes promptly and fairly. We may ask for further information while investigating your complaint and will provide you with regular updates. We will explain any proposed resolution. If you are dissatisfied with how IDR have resolved a CDR related complaint you can contact the Australian Financial Complaints Authority or the Australian Information and Privacy Commissioner.