- Contact us
- Call: 13 11 33
CDR Policy
This Consumer Data Right (CDR) Policy is about Liberty Financial Pty Ltd (Liberty, us, our, we) and our participation in CDR. You can view this policy online or request a copy through our customer service hotline on 13 11 33.
Liberty is an Accredited Data Recipient and a Data Holder under the CDR regime.
What is CDR?
CDR is designed to give you greater access over the personal data you share with us and other accredited CDR participants. It is designed to make it easier for you to switch between providers, products and services offered in the market.
Your CDR gives you the power to direct your financial institution (if they are a Data Holder under CDR) to share information about you with us, or other Accredited Data Recipients.
Why would you do this? You might do this to get a better deal, to help you refinance or apply for a product, or to just manage your money more easily.
What data we might ask you to share with us
You can elect to share your CDR data with us to streamline our application process. We may ask for the following CDR data from other accredited CDR participants that you are a customer of:
• Name, contact and occupation details
• Product information
• Incoming and outgoing transactions including descriptions
• Account balance
How you can share and manage your CDR data with us
Once you have submitted a loan application to us, we will contact you via your nominated email address with a link to our consent platform. You will be asked to opt in to the CDR process to verify information in your application and confirm what information you consent to us accessing.
Your permission is required in order to share this CDR data. You can choose what kind of CDR data to share and how long you will share the CDR data for. Your consent will only last for 12 months, at which time you can actively opt to extend or withdraw your consent, or let your consent expire.
As part of our secure CDR platform, which you have access to, you will be able to amend and withdraw these consents if and when you require. You can also do this by contacting us (see our contact details below).
If you request deletion of your CDR data or withdraw your consent before we provide you with a service, we may not be able to provide you with the service you have requested.
Sharing CDR data with us from joint accounts
If you want to share information from a joint account, all account holders have to consent to the CDR data being shared. Once all consents are given, all account holders will then be able to elect to share the CDR data without the other’s approval in relation to the joint account, but not in relation to the other account holder’s personal details. You may independently choose to withdraw your consent at any time.
When we delete your CDR data
We will delete your CDR data if:
• You ask us to delete it (you can contact us using the details below)
• Your consent expires or is withdrawn
• Your CDR data becomes redundant
If we delete your CDR data it will be permanently deleted from our system and in accordance with our information technology and data security practices.
We will not delete your CDR data if we are legally required or permitted to keep it or if you consent to us keeping it on a de-identified basis (see ‘When we will de-identify your CDR data’ below).
When we de-identify your CDR data
If you have consented to us using or disclosing your redundant CDR data to research and improve our products, features and services, we will de-identify the CDR data by deleting reference to your name, address and bank account details.
Disclosing your data to outsourced parties
We may use third parties, called “outsourced providers” (OSPs), to provide you with a service. We only use OSPs based in Australia who we have a written agreement with. Our OSPs may collect your personal information, product, transaction and account balance details in order to provide us with their service however they will not retain or otherwise use any of your CDR data unless legally required.
See our list of OSPs here, along with more details on what data they collect or we disclose to them, the services they provide and if they are accredited.
Liberty does not disclose your CDR data to any other parties. If this does change, the list of OSPs will be updated.
Requests to share your CDR data
If you are a Liberty customer and Liberty Online (our online portal) is activated, you may authorise us to share the following CDR data:
• Name, contact and occupation details
• Product information
• Incoming and outgoing transactions including descriptions
• Account balance
You will be able to view and manage all your data sharing authorisations through Liberty Online.
We will not charge you for a CDR data sharing request. We will only share CDR data that you require us to share and do not share CDR data on a voluntary basis.
Requests to share data from a joint account
Joint accounts are automatically enabled to share CDR data. However, a joint account holder can stop the sharing authorisation at any time, which will also pause all active sharing requests. If this happens, no account holder will be able to share joint account data until all account holders have re-authorised the sharing request.
Where is your CDR data stored?
Your CDR data is encrypted and only stored in Australia in a secure environment.
Notification about certain events
As an Accredited Data Recipient, we will notify you:
• When you give consent for us to collect and use your CDR data and we do so
• When you give consent for us to disclose your CDR data to accredited persons or other permitted persons (such as advisors) and we do so
• If you amend or withdraw your consent or your consent expires
• When we are required to give you ongoing notifications about your consent
• In the event of an eligible data breach under the Notifiable Data Breach Scheme in the Privacy Act 1988 (Cth) affecting your CDR data
• If our CDR accreditation is surrendered, suspended or revoked
Requesting correction of your CDR information
If you believe that your CDR data is incorrect you can ask us to correct it. There is no fee for this service. We will endeavour to let you know within 10 business days whether we have made the correction. If a correction is not necessary or we cannot process your request, we will let you know the reasons why. You can lodge a complaint as set out below if we have not resolved your concerns.
For CDR data that we have collected, we may need to refer you to the data holder to have it corrected. We can then collect the correct CDR data.
CDR data and Privacy
This policy describes your rights under the CDR legislation.
Please refer to our Privacy Policy for information on how we collect, use, hold and disclose your personal information, as well as how we ensure the quality, integrity and security of your personal information more generally. Our Privacy Policy also lets you know how you can request access to the personal information we hold about you, or ask for corrections to be made to your personal information.
Resolving your concerns and complaints
We are committed to providing applicants, customers, and other parties whose CDR data we hold or share, a fair and responsible system for the handling of their complaints.
If you have any complaints in relation to your CDR data, please contact our service team via the contact details below. We may need to verify your identity and obtain additional information from you about your complaint (for example, instances of conduct or errors). We will seek to address any concerns that you have through our complaints handling process. We will acknowledge receipt of your complaint within 24 hours either verbally or in writing. Generally, we aim to provide a satisfactory resolution within 5 business days, however if this cannot be done, we will let you know, and in most cases provide a resolution within 30 calendar days.
Complaint resolutions will depend on the nature of the complaint and may include the correction of your CDR data or addressing issues related to your CDR data dashboard. Please see our Complaints Handling Policy for more information.
If we are unable to resolve your complaint to your satisfaction you may refer your concerns to the Australian Financial Complaints Authority (AFCA). Alternatively, if your complaint is about privacy or how we handle your CDR data, you can also contact the Office of Australian Information Commissioner (OAIC).
How to contact us
Naarm Country
Level 16, 535 Bourke Street
Melbourne VIC 3000
03 8635 8888
03 8635 9999
service@liberty.com.au
How to contact AFCA
GPO Box 3
Melbourne VIC 3001
1800 931 678
info@afca.org.au
www.afca.org.au
How to contact OAIC
GPO Box 5218
Sydney NSW 2001
1300 363 992
enquiries@oaic.gov.au
www.oaic.gov.au
Liberty Financial Pty Ltd ABN 55 077 248 983 | Credit provided by Secure Funding Pty Ltd ABN 25 081 982 872 | Australian Credit Licence 388133 | Both trading as Liberty Financial.