Consumer Data Right
The Consumer Data Right (CDR) aims to give you more choice and control over how your data is shared. It allows you to ask for your data to be securely transferred to an accredited provider so you can investigate, compare and access services more easily.
CDR law gives you rights to request access to:
- the data Volt Bank Limited (Volt, we, us, our) holds about you and your use of banking products (consumer data); and
- information about our products (product data).
More information about CDR can be found on the Consumer Data Right website.
About this CDR Policy
This policy tells you how:
- we manage consumer data we hold about you; and
- you can make enquiries or complaints about how we manage that consumer data.
Also, you can ask us to send a copy of the policy to you by electronic means or in the post.
Consumer data may be information from which you are reasonably identifiable. If that is the case, the consumer data will also be ‘personal information’ for the purposes of privacy law.
The types of information for which requests (data requests) can be made under CDR are being introduced in stages.
Information on the timeline for the rollout of the consumer data you can request is available on the Consumer Data Right website.
The Open Banking law gives data holders an option as to whether they will disclose information (voluntary data) that is not consumer data or product data on a data request.
We have decided not to make voluntary data available.
For the time being, you can authorise certain financial institutions or other organisations to make data request to us to disclose consumer data, we hold about you, to them on your behalf.
We can make those disclosures only if the financial institution or organisation is accredited under CDR law (an accredited person).
Each accredited person must have a CDR policy that tells you how they manage the consumer data they collect on your behalf.
Responding to data requests - authorisation
We will only disclose consumer data about you under CDR if we receive a data request that you have authorised.
That data request will come from an accredited data recipient (accredited organisation), whose service you have chosen to use. The accredited organisation will seek your consent to share the data that Volt holds about you.
When you give your consent to the accredited organisation, you’ll be taken securely to Volt to confirm your consent and authorise us to share your data.
You confirm your consent in three steps:
- You will need to enter your Volt customer number on the Volt data sharing portal. You can find this in your Volt app by going to Settings and choosing Data sharing.
- Once you’ve entered your Volt customer number, we will send you a One Time Password (OTP) to the mobile number that you have registered with us.
- You will be able to select the Volt accounts that you want to share, and review/confirm the details that you want to share.
After you confirm your consent and authorise the data sharing, you are taken back to the accredited organisation where you started.
We will maintain a consent dashboard (dashboard) in the Volt data sharing portal that you can use to manage (including revoking your consent) and view details of authorisations you gave to accredited persons to make data requests on your behalf. If you are unable to use the dashboard, you can contact Customer Care for assistance, using the details below.
When we may refuse a data request
We may refuse to seek your authority to disclose consumer data in response to a data request if:
- we consider that our refusal is necessary to prevent physical or financial harm or abuse;
- we have reasonable grounds to believe that disclosing some or all of the consumer data would adversely impact the security, integrity or stability of the CDR system;
- if the consumer data relates to an account that is closed, blocked or suspended; or
- in any other circumstance in which CDR law requires us to refuse your authority.
If we refuse to seek your authority, we will inform the accredited person that made the data request.
Responding to data requests – notice of disclosure
We will notify you as soon as we practically can when you authorise, or revoke a data sharing consent and at the time your consent expires.
If we disclose consumer data to an accredited person as a result of a data request, we will update your consent dashboard as soon as we practically can to indicate:
- the consumer data we disclosed;
- when we disclosed that consumer data; and
- the accredited person to whom we made the disclosure.
You can access your consent dashboard by going to Data sharing, located under Settings in the Volt app to view any data sharing consents that you’ve created, see when they expire and revoke any consents that you want to end before their expiry date.
How to access consumer data about you
You can ask for access to:
- consumer data we hold about you;
- authorisations you gave us to disclose consumer data;
- disclosures of consumer data we made in response to data requests made on your behalf; and
- data relating to any complaints you make about our management of consumer data or compliance with CDR law.
If you ask us to correct consumer data that we have disclosed previously under a consumer request, we will:
- acknowledge receipt of your request as soon as practicable;
- correct that data within 10 business days after receiving your request, if we consider it necessary or appropriate to do so, or:
- include a statement with the data to ensure that the data is accurate, up-to-date, complete and not misleading; and
- where practicable, attach an electronic link to a digital record of the data in a way that ensures the statement is apparent to any users of the data; and
- notify you, by email, of:
- the action we took to respond to your request;
- any reason why we consider a correction or statement is unnecessary or inappropriate; and
- how you can make a complaint about the action we took or any reason we give you for not correcting, or adding a statement to, consumer data at your request.
We will not charge you for correcting or associating a statement to consumer data.
Correcting personal information
How to make a complaint
- have a complaint about the way we manage the consumer data we hold about you; or
- consider we have failed to comply with CDR law,
we invite you to email us with as much details as you can to firstname.lastname@example.org
To assist us to resolve your complaint as quickly as possible, we ask that you include:
- enough information to identify you;
- details of how we can contact you;
- give us any relevant identification or reference number;
- a description of the consumer data in relation to which you are making a complaint;
- the particular action, we took with respect to your consumer data, that is the subject of your complaint;
- the date of our action;
- if you consider we breached this CDR Policy, the particulars of this CDR Policy you claim we breached in undertaking that action;
- any losses or other damage you reasonably consider you incurred as a result of our action;
- any steps you want us to take to resolve your complaint;
- if you consider we breached CDR law, the particular provisions of that law you consider we breached; and
- how you consider we breached those provisions.
We encourage you to include any other information that you consider relevant to your complaint.
- acknowledge receipt of your complaint as soon as practicable (within 24 hours); and
- do our best to investigate and resolve your complaint in a manner satisfactory to you within 30 days (resolution period) after receiving your request.
Your complaint will be investigated as soon as practicable by internal stakeholders including: our Customer Care team; our privacy officer; and our executive responsible for data management. We will:
- keep you informed of the steps we are taking towards resolving your complaint; and
- notify you if we cannot resolve your complaint within the resolution period.
If our investigations indicate that your complaint is justified or that we have breached the CDR, we will consult with you to determine redress for our conduct, which may include, where appropriate:
- correcting CDR data about you;
- apologising to you for our conduct; or
- if you incur a loss and it was our fault, paying you compensation to the extent we caused your loss.
- you do not agree with how we propose to resolve your complaint; or
- we do not resolve your complaint within the resolution period,
you can take your complaint to the Australian Financial Complaints Authority (AFCA) or the Office of the Australian Information Commissioner (OAIC).
You can lodge a complaint with AFCA by visiting the AFCA website at www.afca.org.au
You can make a complaint to the OAIC by using the privacy complaint form available at www.oaic.gov.au/consumer-data-right/cdr-complaints/ and submitting it online, by post or fax.
It is free to make a complaint to us, AFCA or the OAIC.
We invite any comments you would like to make on our CDR Policy. Please send any comments to email@example.com
This CDR Policy is dated 9 June 2021. We will review our CDR Policy regularly and at least annually to ensure it is up-to-date.
Our Customer Care team are ready to help you with any enquiries. The quickest way to contact Volt Customer Care is through the Volt app, by going to Settings and choosing Contact Volt under Support.
If you are unable to log into the Volt app, you can contact Customer Care on 13 VOLT (13 8658) if you’re in Australia. If you’re overseas, you can reach us at +61 2 8294 8474. Our line is open from Monday to Friday, from 8 am to 8 pm Sydney time.
To write to us on anything about data sharing or Open Banking, please email us at firstname.lastname@example.org