CDR Policy

This Consumer Data Right (CDR) Policy is about Liberty Financial Pty Ltd (Liberty, us, our, we) and our participation in CDR. You can view this policy online or request a copy through our customer service hotline on 13 11 33.

What is CDR?

CDR is designed to give you greater access over the personal data you share with us and other accredited CDR participants. It is designed to make it easier for you to switch between providers, products and services offered in the market.

Your CDR gives you the power to direct your bank (or banks) to share information about you with us, or other accredited lenders.

Why would you do this? You might do this to get a better deal, to help you refinance or apply for a product, or to just manage your money more easily.

What data we might ask you to share with us

Liberty is an Accredited Data Recipient under the CDR regime.

You can elect to share your CDR data with us to streamline our application process. We may ask for the following CDR data from other financial institutions and banks that you are a customer of and who are CDR participants:

  • Name, contact and occupation details

  • Product information

  • Incoming and outgoing transactions including descriptions

  • Account balance

How you can share CDR data with us

Once you have submitted an application to us, we will contact you via your nominated email address with a link to our consent platform. You will be asked to opt in to the CDR process to verify information in your application and confirm what information you consent to us accessing. You may withdraw this consent at any time.

Your permission is required in order to share this CDR data. You can choose what kind of CDR data to share and how long you will share the CDR data for. Your consent will only last for 12 months, at which time you can actively opt to extend or withdraw your consent, or let your consent expire. 

As part of our secure CDR platform, which you have access to at all times, you will be able to view and manage these consents if and when you require.  

Sharing CDR data from joint accounts

If you want to share information from a joint account, both/all account holders have to consent to the CDR data being shared. Once all consents are given, both account holders will then be able to elect to share the CDR data without the other’s approval in relation to the joint account, but not in relation to the other account holder’s personal details. You may independently choose to withdraw your consent at any time. 

Withdrawing your consent

You can withdraw your consent for us to collect and use your CDR data at any time through our CDR platform, or by contacting us (see our contact details below). When you withdraw your consent, if we no longer need your CDR data for a purpose permitted under Australian law, we will delete your CDR data from our system or, where possible, de-identify the CDR data. We will de-identify your data by deleting reference to your name, address and bank account details.

Please note that Liberty may be able to use or disclose de-identified
data to innovate and improve our products, features and services without seeking further consent from you.

Disclosing your data to outsourced parties

We use Adatree Pty Ltd (Adatree), an Australian based company, to manage the CDR data consent process and to receive and collate the CDR data into a readable categorised format. Adatree is an accredited CDR participant and its CDR policy can be found at Adatree collects personal information, product, transaction and account balance details in order to provide this service to us. Adatree does not retain or otherwise use any of your CDR data.

Liberty does not disclose your CDR data to any other parties. If this does change, this CDR Policy will be updated.

Where is your CDR data stored?

Your CDR data is encrypted and only stored in Australia in a secure environment. 

Notification about certain events

As an Accredited Data Recipient, we will notify you:

  • When you give consent for us to collect and use your CDR data and we do so

  • If you withdraw your consent or your consent expires

  • When we are required to give you ongoing notifications about your consent

  • In the event of an eligible data breach under the Notifiable Data Breach Scheme in the Privacy Act 1988 (Cth) affecting your CDR data

  • If our CDR accreditation is surrendered, suspended or revoked

Requesting us to share your CDR data with others

As an Accredited Data Receipient only, we do not accept requests to share your CDR data with other accredited CDR participants. However, we expect to be able to by December 2023. Once we can, this is how it will work:

If you are already a Liberty customer,  we will be able to share the following data on your authorisation:

  • Name, contact and occupation details

  • Product information

  • Incoming and outgoing transactions including descriptions

  • Account balance

We will only share CDR data that you require us to share and do not share CDR data on a voluntary basis.

Requesting correction of your CDR information

If you believe that your CDR data is incorrect you can ask us to correct it. There is no fee for this service. We will endeavour to let you know within 10 business days whether we have made the correction. If a correction is not necessary we will let you know the reasons why. You can lodge a complaint as set out below if we have not resolved your concerns.

For CDR data that we have collected, we may need to refer you to the data holder to have it corrected. We can then collect the correct CDR data.

CDR data and Privacy

This policy describes your rights under the CDR legislation.

Please refer to our Privacy Policy for information on how we collect, use, hold and disclose your personal information, as well as how we ensure the quality, integrity and security of your personal information more generally. Our Privacy Policy also lets you know how you can request access to the personal information we hold about you, or ask for corrections to be made to your personal information.

Resolving your concerns and complaints

We are committed to providing applicants, customers, and other parties whose CDR data we hold or share, a fair and responsible system for the handling of their complaints.

If you have any complaints in relation to your CDR data, please contact our service team via the contact details below. We may need to verify your identity and obtain additional information from you about your complaint (for example, instances of conduct or errors). We will seek to address any concerns that you have through our complaints handling process. We will acknowledge receipt of your complaint within 24 hours either verbally or in writing. Generally, we aim to provide a satisfactory resolution within 5 business days, however if this cannot be done, we will let you know, and in most cases provide a resolution within 30 calendar days.

Complaint resolutions will depend on the nature of the complaint and may include the correction of your CDR data or addressing issues related to your CDR data dashboard. Please see our Complaints Handling Policy for more information.

If we are unable to resolve your complaint to your satisfaction you may refer your concerns to the Australian Financial Complaints Authority (AFCA). Alternatively, if your complaint is about privacy or how we handle your CDR data, you can also contact the Office of Australian Information Commissioner (OAIC).

How to contact us

Level 16, 535 Bourke Street
Melbourne VIC 3000
03 8635 8888
03 8635 9999

How to contact AFCA

GPO Box 3
Melbourne VIC 3001
1800 931 678

How to contact OAIC

GPO Box 5218
Sydney NSW 2001
1300 363 992

Liberty Financial Pty Ltd ABN 55 077 248 983 | Credit provided by Secure Funding Pty Ltd ABN 25 081 982 872 | Australian Credit Licence 388133 | Both trading as Liberty Financial.