CDR Policy

This Consumer Data Right (CDR) Policy is about Liberty Financial Pty Ltd (Liberty, us, our, we) and our participation in CDR. You can view this policy online or request a copy through our customer service hotline on 13 11 33.

What is CDR?

CDR is designed to give you greater access over the personal data you share with us and other accredited CDR participants. It is designed to make it easier for you to switch between providers, products and services offered in the market.

Your CDR gives you the power to direct your financial institution to share information about you with us, or other Accredited Data Recipients.

Why would you do this? You might do this to get a better deal, to help you refinance or apply for a product, or to just manage your money more easily.

What data we might ask you to share with us

Liberty is an Accredited Data Recipient under the CDR regime.

You can elect to share your CDR data with us to streamline our application process. We may ask for the following CDR data from other accredited CDR participants that you are a customer of:

  • Name, contact and occupation details

  • Product information

  • Incoming and outgoing transactions including descriptions

  • Account balance

How you can share CDR data with us

Once you have submitted a loan application to us, we will contact you via your nominated email address with a link to our consent platform. You will be asked to opt in to the CDR process to verify information in your application and confirm what information you consent to us accessing.

Your permission is required in order to share this CDR data. You can choose what kind of CDR data to share and how long you will share the CDR data for. Your consent will only last for 12 months, at which time you can actively opt to extend or withdraw your consent, or let your consent expire. 

As part of our secure CDR platform, which you have access to at all times, you will be able to amend and withdraw these consents if and when you require. You can also do this by contacting us (see our contact details below).

If you request deletion of your CDR data or withdraw your consent before we provide you with a service, we may not be able to provide you with the service you have requested.   

Sharing CDR data with us from joint accounts

If you want to share information from a joint account, all account holders have to consent to the CDR data being shared. Once all consents are given, all account holders will then be able to elect to share the CDR data without the other’s approval in relation to the joint account, but not in relation to the other account holder’s personal details. You may independently choose to withdraw your consent at any time. 

When we delete your CDR data

We will delete your CDR data if your consent expires or is withdrawn, you request deletion of your CDR data, or if the CDR data becomes redundant. We will not delete CDR if we are legally required or permitted to keep it or if you consent to us keeping it on a de-identified basis (see 'When we de-identify your CDR data' below). If we delete your CDR data we will do so in accordance with our information technology and data security practices.

When we de-identify your CDR data

If you have consented to us using or disclosing your redundant CDR data to research and improve our products, features and services, we will de-identify the CDR data by deleting reference to your name, address and bank account details.

Disclosing your data to outsourced parties

We use Adatree Pty Ltd (Adatree), an Australian based company, to manage the CDR data consent process and to receive the CDR data. Adatree is an accredited CDR participant and its CDR policy can be found at Adatree uses Mogo Holdings Pty Ltd (Mogo), its Australian based outsourced service provider, to collate the CDR data into a readable categorised format. Adatree (and Mogo) collect personal information, product, transaction and account balance details in order to provide these services to us. Neither Adatree or Mogo retain or otherwise use any of your CDR data.

Liberty does not disclose your CDR data to any other parties. If this does change, this CDR Policy will be updated.

Requests to share your CDR data

As an Accredited Data Recipient only, we do not accept requests to share your CDR data with other accredited CDR participants. However, we expect to be approved as an Accredited Data Holder on 1 July 2024. Once accredited, this is how it will work:

If you are a Liberty customer and Liberty Online (our online portal) is activated, you may authorise us to share the following CDR data :

  • Name, contact and occupation details

  • Product information

  • Incoming and outgoing transactions including descriptions

  • Account balance

You will be able to view and manage all your data sharing authorisations through Liberty Online.

We will not charge you for a CDR data sharing request. We will only share CDR data that you require us to share and do not share CDR data on a voluntary basis.

Requests to share data from a joint account

Joint accounts are automatically enabled to share CDR data. However, a joint account holder can stop the sharing authorisation at any time, which will also pause all active sharing requests. If this happens, no account holder will be able to share joint account data until all account holders have re-authorised the sharing request.

Where is your CDR data stored?

Your CDR data is encrypted and only stored in Australia in a secure environment.

Notification about certain events

As an Accredited Data Recipient, we will notify you:

  • When you give consent for us to collect and use your CDR data and we do so

  • If you amend or withdraw consent or your consent expires

  • When we are required to give you ongoing notifications about your consent

  • In the event of an eligible data breach under the Notifiable Data Breach Scheme in the Privacy Act 1988 (Cth) affecting your CDR data

  • If our CDR accreditation is surrendered, suspended or revoked

Requesting correction of your CDR information

If you believe that your CDR data is incorrect you can ask us to correct it. There is no fee for this service. We will endeavour to let you know within 10 business days whether we have made the correction. If a correction is not necessary or we cannot process your request, we will let you know the reasons why. You can lodge a complaint as set out below if we have not resolved your concerns.

For CDR data that we have collected, we may need to refer you to the data holder to have it corrected. We can then collect the correct CDR data.

CDR data and Privacy

This policy describes your rights under the CDR legislation.

Please refer to our Privacy Policy for information on how we collect, use, hold and disclose your personal information, as well as how we ensure the quality, integrity and security of your personal information more generally. Our Privacy Policy also lets you know how you can request access to the personal information we hold about you, or ask for corrections to be made to your personal information.

Resolving your concerns and complaints

We are committed to providing applicants, customers, and other parties whose CDR data we hold or share, a fair and responsible system for the handling of their complaints.

If you have any complaints in relation to your CDR data, please contact our service team via the contact details below. We may need to verify your identity and obtain additional information from you about your complaint (for example, instances of conduct or errors). We will seek to address any concerns that you have through our complaints handling process. We will acknowledge receipt of your complaint within 24 hours either verbally or in writing. Generally, we aim to provide a satisfactory resolution within 5 business days, however if this cannot be done, we will let you know, and in most cases provide a resolution within 30 calendar days.

Complaint resolutions will depend on the nature of the complaint and may include the correction of your CDR data or addressing issues related to your CDR data dashboard. Please see our Complaints Handling Policy for more information.

If we are unable to resolve your complaint to your satisfaction you may refer your concerns to the Australian Financial Complaints Authority (AFCA). Alternatively, if your complaint is about privacy or how we handle your CDR data, you can also contact the Office of Australian Information Commissioner (OAIC).

How to contact us

Liberty Financial Pty Ltd
Level 16, 535 Bourke Street
Melbourne VIC 3000
03 8635 8888
03 8635 9999

How to contact AFCA

Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001
1800 931 678

How to contact OAIC

Office of the Australian Information Commissioner
Gadigal Country
GPO Box 5218
Sydney NSW 2001
1300 363 992

Liberty Financial Pty Ltd ABN 55 077 248 983 | Credit provided by Secure Funding Pty Ltd ABN 25 081 982 872 | Australian Credit Licence 388133 | Both trading as Liberty Financial.