Download our app for an even better mobile banking experience
Following the Reserve Bank of Australia's announcement on Tuesday 3 May, we have released information on interest rate changes. View details
Consumer Data Right Policy
About this Policy
Version 2 - Effective 14 April 2022
This policy provides information about how Police & Nurses Limited ABN 69 087 651 876 (Bank, we, us or our), manages data under the Consumer Data Right (CDR). References in this policy to data (including accessing, sharing and correcting data) apply specifically to data in the context of the CDR, as described in this policy below. An electronic copy is available below or a hard copy of this policy is available on request by contacting us on:
- for P&N Bank customers by calling us on 13 25 77 or emailing us at any time at [email protected]
- for bcu customers, by calling us on 1300 228 228 or emailing us at any time at [email protected]
Please refer to the P&N Bank Privacy Policy and bcu Privacy Policy for information on how we collect, use, hold and disclose your personal information more generally in accordance with applicable privacy laws. Some of your CDR data is personal information, and where this is the case, we will handle it in accordance with our Privacy Policy as well as in the manner set out in this policy.
What is the Consumer Data Right?
What types of CDR data will the Bank hold?
How to access our CDR product data
Can I request to share my Voluntary Consumer data?
What purposes will CDR data be used for?
Will CDR data be disclosed to the Bank’s service providers?
Overseas disclosures of your CDR data
What happens to redundant CDR data?
How to make a CDR related consumer complaint
What is the Consumer Data Right?
The CDR gives you the right to share your data between accredited providers. It is an opt-in service that makes it easier for you to:
- compare banking products and services; and
- access new and improved banking services.
If you choose to use CDR, your CDR data is transferred using automated data technology. The data transfer is between the providers, for example us and another
accredited bank, and the standards regulating how data is transferred are set by the Australian Government.
We accept requests for access to consumer data and product data that is mandated by law (‘required data’).
We do not accept requests for access to additional types of consumer or product data.
What is a Data Holder?
A Data Holder is a business that holds consumer data. Under the CDR Rules, a Data Holder must transfer the data to an accredited Data Recipient at the request of a consumer.
What is a Data Recipient?
A Data Recipient is a business accredited by the Australian Competition and Consumer Commission (ACCC) to receive consumer data to provide a product or service.
What types of CDR data will the Bank hold?
We hold the following classes of CDR data:
- Individual consumer data (name, occupation and contact details)
- Business consumer data (organisation profile and contact details)
- Account name, type and balance
- Account number and features (including interest rates, fees and discounts)
- Account balance and details
- Transactions details including dates, descriptions and amounts
- Direct debits and scheduled payments
- Saved payees
- Information about our products and services, which will generally include information about our product pricing, eligibility criteria, fees, terms and conditions, availability and performance of our products or service offerings.
We will refer to CDR data we hold about you as your CDR data and we will refer to information about our products and services as our CDR product data. Our CDR product data is general in nature and, therefore, does not relate or apply to any identifiable individual or business.
This data will progressively be made available commencing with our CDR product data from October 2020. Over time, further information and additional products will be available to share.
How to access our CDR product data
A request to access our CDR product data can be made by any member of the public or an organisation and you do not have to be a member of the Bank to do so.
Requests to access our CDR product data can be made using our product data request service, which is accessible through our websites (www.pnbank.com.au and www.bcu.com.au)
How to access your CDR data
You will be provided access to a Consumer Dashboard via Internet Banking or Mobile devices that provides you with the functionality to:
- authorise us to share your data with Data Recipients who have been ‘accredited’ under the CDR regime to receive the consumer data. We can only share your data if you are eligible to make a sharing request under the CDR regime and the proposed Data Recipient is ‘accredited’ under the CDR regime;
- generate a one-time passcode for authorisation when you wish to share your data with a Data Recipient;
- receive sharing requests denials and how to find out more about the denial;
- view sharing history;
- pre-authorise sharing account details you hold jointly with others; and
- withdraw your consent and ask us to cease sharing.
For example, if you are applying for a loan at another financial institution who is an accredited Data Recipient and they wish to obtain details regarding your account with us, instead of providing them with a copy of your statement, you can authorise us to share your data with them. There is no fee for accessing or data sharing requests.
Our P&N Bank Privacy Policy and bcu Privacy Policy sets out further information on how you may seek access to the personal information comprised in your CDR data.
Can I request to share my Voluntary Consumer data?
No, we will only share CDR data as required by CDR law, this means ‘voluntary data’ will not be shared by us.
How is CDR data held?
We store data securely in Australia, as outlined in our Privacy Policy and in accordance with legal requirements, and we will delete your CDR data once you withdraw your consent, or your consent expires.
What purposes will CDR data be used for?
We will only disclose your CDR data to accredited Data Recipients in accordance with the CDR regime and only when you authorise us to do so.
Will CDR data be disclosed to the Bank’s service providers?
We may need to disclose your CDR data to our third party service providers to provide us with the CDR related services described below.
Third parties service providers that we use to provide CDR data sharing services are:
- Frollo - provides the platform for the “Personal Financial Wellbeing” tools and application, which includes, but is not limited to: Transactions Categorisation, Enrichment, Personalisation, Tags & Search; Budgeting & Planning; Bill Tracker; Goals
and Challenges; Financial Wellbeing Score, etc.
The types of CDR data that we may disclose to our third party service providers includes customer data, account data and transaction data.
We will not otherwise disclose your CDR data to any party that is not accredited under the CDR regime.
Overseas disclosure of your CDR data
We will not disclose your CDR data to accredited persons outside Australia, unless you specifically ask us to share your data with an overseas recipient that is accredited under the CDR regime.
Events we will tell you about
We will give you notice via the Consumer Dashboard as soon as practicable if any of the following events occur.
- When you give your consent to the Bank collecting and using your CDR data.
- When you withdraw any consent referred to above.
- Collection of your CDR data
- Ongoing notification requirements relating to your consent
We will give you notice via appropriate methods if any of the following events occur.
- Responses to a consumer correction request
See section below titled ‘How to correct your CDR data’ for further details. - Eligible data breaches
We and our service providers employ stringent upto-date information security practices to protect your personal information. Your CDR data may also contain your personal information. In the event there is an ‘eligible data breach’ relating to your personal information we will notify you in accordance with Australian privacy legislation. An eligible data breach occurs when there is unauthorised access to, unauthorised disclosure of, or a loss of, your personal information that we hold, and that event is likely to result in serious harm to you.
How long does consent to use your CDR data last for? What happens if you withdraw consent to collect and use your CDR data?
Your consent to use your CDR data expires after 12 months after it has been provided, unless you withdraw it earlier.
If you provide consent to share your CDR data, you can withdraw this consent at any time using the available methods provided by our service. We will action a request from you to withdraw consent as soon as possible but, in any event, within two business days of receiving the request. You will receive confirmation of consent removal.
If you withdraw your consent for us to collect and use your CDR data, this will mean that any third parties that you have previously authorised to access your CDR data, will no longer have access to your CDR data. This has the potential to impact on any services or credit you may be seeking to obtain.
What happens to redundant CDR data?
Under the CDR regime, the Bank has obligations to destroy, delete or de-identify any redundant CDR data that it holds, for example, after your CDR data has been provided to an Data Recipient, in accordance with your consent.
When data is no longer required, or you withdraw your consent to share, or your consent expires, it will be deleted. We ensure the data is deleted using best industry practices and with all expected security controls applied.
How to correct your CDR data?
We take all reasonable steps to ensure that the information we collect, use or disclose is accurate, complete and up to-date. You have the right to request us to correct your CDR data if it is inaccurate, out-ofdate or incomplete.
If you have identified an error with your CDR data, you can seek correction by notifying staff in branch, or by contacting us as follows:
- for P&N Bank customers by calling us on 13 25 77 or emailing us at any time at [email protected]
- for bcu customers, by calling us on 1300 228 228 or emailing us at any time at [email protected]
We will acknowledge receipt of your request as soon as practicable and aim to correct any agreed errors with your consumer data within 10 business days of receipt of your request. As soon as practicable after that date, we will send you a written response
confirming how we have dealt with your request, which will include our reasons for not correcting the data (if relevant) and details of the complaint process available to you to escalate the matter if you are not satisfied with our response.
Our P&N Bank Privacy Policy and bcu Privacy Policy sets out further information on how you may seek correction of your personal information that is comprised in your CDR data.
We encourage you to advise us as soon as there is a change to your contact details, such as your phone number or address. We will deal with your request to correct your information in a reasonable time. If your request to correct your information relates to
information which has been provided to us by a Credit Reference Bureau (CRB) or another credit provider, we may need to consult with them about your request. We will correct information, where we decide to do so, within 30 days of your request, or longer if you agree.
How to make a CDR related consumer complaint
If you have a complaint about how we manage your CDR data, you can make a complaint by notifying staff in branch, completing the online form on our websites, or by contacting:
- for P&N Bank customers by calling us on 13 25 77 or emailing us at any time at [email protected]
- for bcu customers, by calling us on 1300 228 228 or emailing us at any time at [email protected]
To make a complaint, you will need to provide your customer details (member number), contact details and the nature of your complaint. It will also be useful if you can provide details of the outcome you desire to satisfactorily resolve your complaint.
When you make a complaint to us, we will:
- acknowledge your complaint within 2 working days (in writing or by telephone) and make sure we understand the issues,
- do everything we can to fix the problem,
- keep you informed of our progress,
- keep a record of your complaint,
- give you our name, and contact details so that you can follow up if you want to and
- provide a final response within 45 days.
If we are unable to provide a final response to your complaint within 5 days, we will:
- inform you of the reasons for the delay,
- advise of your right to complain to the relevant external dispute resolution scheme, and
If you are not satisfied with our response, or how we have handled your complaint, you can contact:
- our Member Advocate
- the Australian Financial Complaints Authority (AFCA), our external dispute resolution scheme, or the Office of the Australian Information Commissioner.
| Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001 1800 931 678 [email protected] afca.org.au |
Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001 1300 363 992 oaic.gov.au |
Either of these entities may forward your complaint to another external dispute resolution body if they consider that the complaint would be better handled by that other body.
Download a copy of the Consumer Data Right Policy