Version 3 - Effective 05 December 2022
This policy provides information about how Police & Nurses Limited ABN 69 087 651 876 (Bank, we, us or our), manages data under the Consumer Data Right (CDR). References in this policy to data (including accessing, sharing and correcting data) apply specifically to data in the context of the CDR, as described in this policy below. An electronic or hard copy of this policy is available on request by contacting us on:
The CDR gives you the right to share your data between accredited providers. It is an opt-in service (where you can choose to use the service) that makes it easier for you to:
If you choose to use CDR, your CDR data is transferred using automated data technology. The data transfer is between the providers, for example us and another accredited bank, and the standards regulating how data is transferred are set by the Australian Government.
We accept requests for access to consumer data and product data that is mandated by law (‘required data’).
We do not accept requests for access to additional types of consumer or product data.
A Data Holder is a business that holds consumer data. Under the CDR Rules, a Data Holder must transfer the data to an accredited Data Recipient if and when you request it.
A Data Recipient is a business accredited by the Australian Competition and Consumer Commission (ACCC) to receive consumer data to provide a product or service.
We hold the following classes of CDR data:
We will refer to CDR data we hold about you as your CDR data and we will refer to information about our products and services as our CDR product data. Our CDR product data is general in nature and, therefore, does not relate or apply to any identifiable individual or business.
A request to access our CDR product data can be made by any member of the public or an organisation and you do not have to be a member of the Bank to do so.
You can access your data by authorising us to share it with data recipients who have been ‘accredited’ under the CDR regime to receive consumer data. We can only share your data with organisations that have been accredited, and if you are eligible to make a sharing request under the CDR regime.
You will be provided access to a Consumer Dashboard via Internet Banking or Mobile devices that provides you with the functionality to:
For example, if you are applying for a loan at another financial institution who is accredited Data Recipient and they wish to obtain details regarding your account with us, instead of providing them with a copy of your statement, you can authorise us to share your data with them. There is no fee for accessing or data sharing requests.
You may also request from us access to copies of the following data holder records:
Where you make a request for your CDR data, we will provide the relevant copies of your records as soon as practicable, and no later than 10 business days after receiving the request.
No, we will only share CDR data as required by CDR law, this means 'voluntary data' will not be shared by us.
We will only disclose your CDR data to accredited Data Recipients in accordance with the CDR regime and only when you authorise us to do so.
We may need to disclose your CDR data to our third-party service providers to provide us with the CDR-related services described below.
Third parties service providers that we use to provide CDR data sharing services are:
The types of CDR data that we may disclose to our third party service providers includes customer data, account data and transaction data.
We will not otherwise disclose your CDR data to any party that is not accredited under the CDR regime.
We will not disclose your CDR data to accredited persons outside Australia, unless you specifically ask us to share your data with an overseas recipient that is accredited under the CDR regime.
We will give you notice via the Consumer Dashboard as soon as practicable if any of the following events occur.
We will give you notice via appropriate methods if any of the following events occur.
We and our service providers employ stringent up-to-date information security practices to protect your personal information. Your CDR data may also contain your personal information. In the event there is an ‘eligible data breach’ relating to your personal information we will notify you in accordance with Australian privacy legislation. An eligible data breach occurs when there is unauthorised access to, unauthorised disclosure of, or a loss of, your personal information that we hold, and that event is likely to result in serious harm to you.
Your consent to use your CDR data expires after 12 months after it has been provided, unless you withdraw it earlier.
If you provide consent to share your CDR data, you can withdraw this consent at any time using the available methods provided by our service. We will action a request from you to withdraw consent as soon as possible but, in any event, within two business days of receiving the request. You will receive confirmation of consent removal.
If you withdraw your consent for us to collect and use your CDR data, this will mean that any third parties that you have previously authorised to access your CDR data, will no longer have access to your CDR data. This has the potential to impact on any services or credit you may be seeking to obtain.
Under the CDR regime, the Bank has obligations to destroy, delete or de-identify any redundant CDR data that it holds, for example, after your CDR data has been provided to an Data Recipient, in accordance with your consent.
When data is no longer required, or you withdraw your consent to share, or your consent expires, it will be deleted. We ensure the data is deleted using best industry practices and with all expected security controls applied.
We take all reasonable steps to ensure that the information we collect, use or disclose is accurate, complete and up to-date. You have the right to request us to correct your CDR data if it is inaccurate, out-of-date or incomplete.
If you have identified an error with your CDR data, you can seek correction by notifying staff in branch, or by contacting us as follows:
We will acknowledge receipt of your request as soon as practicable and aim to correct any agreed errors with your consumer data within 10 business days of receipt of your request. As soon as practicable after that date, we will send you a written response confirming how we have dealt with your request, which will include our reasons for not correcting the data (if relevant) and details of the complaint process available to you to escalate the matter if you are not satisfied with our response.
We encourage you to advise us as soon as there is a change to your contact details, such as your phone number or address. We will deal with your request to correct your information in a reasonable time. If your request to correct your information relates to information which has been provided to us by a Credit Reference Bureau (CRB) or another credit provider, we may need to consult with them about your request. We will correct information, where we decide to do so, within 30 days of your request, or longer if you agree.
When you make a complaint to us, we will:
If we are unable to provide a final response to your complaint within 30 days, we will:
The possible resolutions available to you will depend on the nature of your complaint. When attempting to resolve your complaint, we may consider the following possible options, but not limited to:
Step 1 – Contact us: If you have a complaint about how we manage your CDR data, you can make a complaint by notifying staff in branch, completing the online form on our websites, or by contacting:
To make a complaint, you will need to provide your customer details (member number), contact details and the nature of your complaint. It will also be useful if you can provide details of the outcome you desire to satisfactorily resolve your complaint.
Step 2 – Member Advocate: Sometimes, a complaint is complex or requires a more detailed investigation than your local branch or a Member Services Consultant is able to provide. If this is the case, your complaint may be referred to our Member Advocate for specialist assistance.
If you have tried to resolve your complaint at your branch or through the general enquiries team and are not satisfied with the outcome, you may also contact our Member Advocate by:
Step 3 – External review: If you are not satisfied with our response, or how we have handled your complaint, you can contact:
|Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001
1800 931 678
|Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
1300 363 992
Either of these entities may forward your complaint to another external dispute resolution body if they consider that the complaint would be better handled by that other body.
We'd like to use your current location
For a more localised experience please enter your location below...
Set your location for a more localised experience.