Following the Reserve Bank of Australia's announcement on Tuesday 3 May, we have released information on interest rate changes. View details
Version 2 - Effective 14 April 2022
This policy provides information about how Police & Nurses Limited ABN 69 087 651 876 (Bank, we, us or our), manages data under the Consumer Data Right (CDR). References in this policy to data (including accessing, sharing and correcting data) apply specifically to data in the context of the CDR, as described in this policy below. An electronic copy is available below or a hard copy of this policy is available on request by contacting us on:
Please refer to the P&N Bank Privacy Policy and bcu Privacy Policy for information on how we collect, use, hold and disclose your personal information more generally in accordance with applicable privacy laws. Some of your CDR data is personal information, and where this is the case, we will handle it in accordance with our Privacy Policy as well as in the manner set out in this policy.
What is the Consumer Data Right?
What types of CDR data will the Bank hold?
How to access our CDR product data
Can I request to share my Voluntary Consumer data?
What purposes will CDR data be used for?
Will CDR data be disclosed to the Bank’s service providers?
Overseas disclosures of your CDR data
What happens to redundant CDR data?
How to make a CDR related consumer complaint
The CDR gives you the right to share your data between accredited providers. It is an opt-in service that makes it easier for you to:
If you choose to use CDR, your CDR data is transferred using automated data technology. The data transfer is between the providers, for example us and another
accredited bank, and the standards regulating how data is transferred are set by the Australian Government.
We accept requests for access to consumer data and product data that is mandated by law (‘required data’).
We do not accept requests for access to additional types of consumer or product data.
A Data Holder is a business that holds consumer data. Under the CDR Rules, a Data Holder must transfer the data to an accredited Data Recipient at the request of a consumer.
A Data Recipient is a business accredited by the Australian Competition and Consumer Commission (ACCC) to receive consumer data to provide a product or service.
We hold the following classes of CDR data:
We will refer to CDR data we hold about you as your CDR data and we will refer to information about our products and services as our CDR product data. Our CDR product data is general in nature and, therefore, does not relate or apply to any identifiable individual or business.
This data will progressively be made available commencing with our CDR product data from October 2020. Over time, further information and additional products will be available to share.
A request to access our CDR product data can be made by any member of the public or an organisation and you do not have to be a member of the Bank to do so.
Requests to access our CDR product data can be made using our product data request service, which is accessible through our websites (www.pnbank.com.au and www.bcu.com.au)
You will be provided access to a Consumer Dashboard via Internet Banking or Mobile devices that provides you with the functionality to:
For example, if you are applying for a loan at another financial institution who is an accredited Data Recipient and they wish to obtain details regarding your account with us, instead of providing them with a copy of your statement, you can authorise us to share your data with them. There is no fee for accessing or data sharing requests.
Our P&N Bank Privacy Policy and bcu Privacy Policy sets out further information on how you may seek access to the personal information comprised in your CDR data.
No, we will only share CDR data as required by CDR law, this means ‘voluntary data’ will not be shared by us.
We store data securely in Australia, as outlined in our Privacy Policy and in accordance with legal requirements, and we will delete your CDR data once you withdraw your consent, or your consent expires.
We will only disclose your CDR data to accredited Data Recipients in accordance with the CDR regime and only when you authorise us to do so.
We may need to disclose your CDR data to our third party service providers to provide us with the CDR related services described below.
Third parties service providers that we use to provide CDR data sharing services are:
The types of CDR data that we may disclose to our third party service providers includes customer data, account data and transaction data.
We will not otherwise disclose your CDR data to any party that is not accredited under the CDR regime.
We will not disclose your CDR data to accredited persons outside Australia, unless you specifically ask us to share your data with an overseas recipient that is accredited under the CDR regime.
We will give you notice via the Consumer Dashboard as soon as practicable if any of the following events occur.
We will give you notice via appropriate methods if any of the following events occur.
We and our service providers employ stringent upto-date information security practices to protect your personal information. Your CDR data may also contain your personal information. In the event there is an ‘eligible data breach’ relating to your personal information we will notify you in accordance with Australian privacy legislation. An eligible data breach occurs when there is unauthorised access to, unauthorised disclosure of, or a loss of, your personal information that we hold, and that event is likely to result in serious harm to you.
Your consent to use your CDR data expires after 12 months after it has been provided, unless you withdraw it earlier.
If you provide consent to share your CDR data, you can withdraw this consent at any time using the available methods provided by our service. We will action a request from you to withdraw consent as soon as possible but, in any event, within two business days of receiving the request. You will receive confirmation of consent removal.
If you withdraw your consent for us to collect and use your CDR data, this will mean that any third parties that you have previously authorised to access your CDR data, will no longer have access to your CDR data. This has the potential to impact on any services or credit you may be seeking to obtain.
Under the CDR regime, the Bank has obligations to destroy, delete or de-identify any redundant CDR data that it holds, for example, after your CDR data has been provided to an Data Recipient, in accordance with your consent.
When data is no longer required, or you withdraw your consent to share, or your consent expires, it will be deleted. We ensure the data is deleted using best industry practices and with all expected security controls applied.
We take all reasonable steps to ensure that the information we collect, use or disclose is accurate, complete and up to-date. You have the right to request us to correct your CDR data if it is inaccurate, out-ofdate or incomplete.
If you have identified an error with your CDR data, you can seek correction by notifying staff in branch, or by contacting us as follows:
We will acknowledge receipt of your request as soon as practicable and aim to correct any agreed errors with your consumer data within 10 business days of receipt of your request. As soon as practicable after that date, we will send you a written response
confirming how we have dealt with your request, which will include our reasons for not correcting the data (if relevant) and details of the complaint process available to you to escalate the matter if you are not satisfied with our response.
Our P&N Bank Privacy Policy and bcu Privacy Policy sets out further information on how you may seek correction of your personal information that is comprised in your CDR data.
We encourage you to advise us as soon as there is a change to your contact details, such as your phone number or address. We will deal with your request to correct your information in a reasonable time. If your request to correct your information relates to
information which has been provided to us by a Credit Reference Bureau (CRB) or another credit provider, we may need to consult with them about your request. We will correct information, where we decide to do so, within 30 days of your request, or longer if you agree.
If you have a complaint about how we manage your CDR data, you can make a complaint by notifying staff in branch, completing the online form on our websites, or by contacting:
To make a complaint, you will need to provide your customer details (member number), contact details and the nature of your complaint. It will also be useful if you can provide details of the outcome you desire to satisfactorily resolve your complaint.
When you make a complaint to us, we will:
If we are unable to provide a final response to your complaint within 5 days, we will:
If you are not satisfied with our response, or how we have handled your complaint, you can contact:
Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001 1800 931 678 [email protected] afca.org.au |
Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001 1300 363 992 oaic.gov.au |
Either of these entities may forward your complaint to another external dispute resolution body if they consider that the complaint would be better handled by that other body.
Download a copy of the Consumer Data Right Policy
We'd like to use your current location
For a more localised experience please enter your location below...
Set your location for a more localised experience.