Skript CDR Policy

This Consumer Data Right (CDR) Policy (the Policy) explains how Skript Pty Ltd (Skript) can collect, use, hold and disclose your data that you consent to sharing with us. This ensures transparency and trust between all parties, as well as ensuring the quality, integrity and security of your personal information under applicable CDR legislation and Privacy Laws.

Please refer to the Privacy Policy on our website for more information on the management of your personal data.

 

1. What is the CDR?

The Consumer Data Right (CDR), or more commonly referred to as “Open Banking”, aims to provide greater choice and control for Australians over how their data is used and disclosed. The CDR gives you control on the data that you share with other banks and financial institutions. It helps you send your data to other companies with your full consent, knowledge and control in a secure way. The intention is to help you find the best products, prices, suitable and to help switch to new products and services.

Open Banking will allow you to ask that your data be sent to other banks, financial institutions and authorised organisations when you want to. You control who holds your data and how it is used.

 

2. Your Rights as a Consumer Regarding Your Data

As a consumer you have control over who you can share your data with. Data recipients are accredited by the ACCC and are subject to ongoing processes, internal dispute resolution, information security, service-level agreements, audit and other requirements by the Data Accreditation Body.

You may choose to share your data that is held by an existing data holder (for example, a banking institution) with an accredited data recipient (for example, another banking institution or a fintech).

 

3. Types of data you may share with us

Depending on the service being provided to you, you may be asked to share specific types of data. 

If you consent to do so, we will only use it for the purpose of providing access to your financial information to yourself, a trusted adviser, or to a third party with whom you choose to share your data, or for a purpose described under ‘Disclosure to third parties’ if you have consented to share your data with one of our CDR Representatives.

We may collect, hold, use and disclose the following types of data:

Account balance and details

  • Name of account

  • Type of account

  • Account balance

  • Account number

  • Interest rates

  • Fees

  • Discounts

  • Account terms

  • Account mail address

Transaction details

  • Incoming & outgoing transactions

  • Amounts

  • Dates

  • Descriptions of transactions

  • Who you have sent money to and received money from (e.g. their name)

Direct debits and scheduled payments 

  • Direct debits

  • Scheduled payments

Name, occupation and contact details

  • Name

  • Occupation

  • Phone

  • Email address

  • Mail address

  • Residential address

Organisation profile and contact details

  • Agent name and role

  • Organisation name

  • Organisation numbers (ABN or ACN)

  • Charity status

  • Establishment date

  • Industry

  • Organisation type

  • Country of registration

  • Organisation address

  • Mail address

  • Phone number

Payees

  • Names and details of accounts you have saved (e.g. their BSB and Account Number, BPay CRN and Biller code, or NPP PayID)

 

4. Granting and Managing Consent

Should you choose, you can consent to share your data with Skript, one of Skript’s CDR Representatives, or any other accredited data recipient of your choosing.

You are entitled to choose the following about sharing:

  • which data types should be collected, used and/or disclosed (for example, account balance and details, transaction details, etc.);

  • how long you will share your data for, whether one-off share or ongoing sharing;

  • which parties your data should be disclosed to; and

  • whether you opt in to receiving direct marketing relating to the data shared.

Consent may only last for a maximum of twelve (12) months, until the time that you withdraw consent, re-grant consent or the consent expires.

You may view and manage your consent in the consent dashboard, which we provide a link to in the email we send after you have granted a consent. You can also view and manage your consent directly with your data holder (i.e. your bank).

 

5. Withdrawing Consent

You may withdraw your consent at any time. You can withdraw your consent in multiple ways, including:

  • through the data recipient consent dashboard (i.e. with Skript);

  • through the data holder consent dashboard (i.e. with your bank); or

  • in writing to either party.

The consent revocation will be completed within two (2) business days if notified in writing. If revocation occurs through the consent dashboard, the dashboard will be updated in near real-time to reflect your change in consent status (for example, active, expired or withdrawn).

If the consent is withdrawn, we will delete your data.

If you withdraw your consent, the services provided to you by Skript or one of our CDR Representatives may cease.

 

6. Deletion of Your Data

The CDR Rules require that Skript adheres to the data minimisation principle, which requires that only the required data is held as long as needed.

When your consent expires, or when you withdraw your consent, Skript will delete your CDR data. Skript deletes your data by irretrievably destroying it.

 

7. Accessing and correcting your personal information

In most cases you will be provided with access to your own CDR data via the services offered by Skript or one of our CDR Representatives. However, you can always contact us to request a copy of your CDR data we, or one of our CDR Representatives, hold and use.

You can request correction of your data by contacting Skript through channels listed below.

Sufficient details must be provided in order to assess and correct the data that is incorrect.

 We will assess your request for correction within ten (10) business days and inform you via email of what Skript did in response to your request, any corrective action or comments, and the complaint mechanism available to you if you are not satisfied.

 

8. When we will notify you

Skript will notify you about each of the following events to give you transparency and control over your data sharing with us:

  • when you give consent to collect, use and/or disclose your CDR data, or when you amend or withdraw such a consent;

  • when your consent to collect, use and/or disclose your CDR data expires;

  • when we collect your CDR data;

  • when we disclose CDR data to another accredited person;

  • every 90 days where you have not interacted with our consent dashboard but we are still collecting your data; and

  • when we respond to a request from you to correct your data.

In the event of a data breach, for example someone gaining unauthorised access which results in loss of CDR data, we will notify you as soon as possible in order for you to take appropriate action if required.

 

9. Disclosure to third parties

Skript does not disclose your data to third parties without your explicit consent. 

You may consent to share your data with one of Skript’s CDR Representatives, as part of a product or service they are providing to you. 

Skript has the following CDR Representatives:

CDR Representative Name

Nature of goods and services provided by CDR Representative

Wrkr

Payroll, Superannuation and HR services

You can also see Skript’s CDR Representative arrangements on the CDR website.

If you consent for Skript to disclose your CDR data to a third party who is not a CDR Representative of Skript, you should check their data handling policies, such as their Privacy Policy, with them directly. The data these third parties receive may not be regulated as part of the CDR. This includes any Trusted Advisers with whom you choose to share your CDR data.

 

10. Where Your Data is Stored

Skript stores data in AWS data centres in Sydney and Melbourne. Skript does not use overseas service providers to store CDR data, or copies of CDR data.

If you have chosen for Skript to disclose your data to a third party, including a Trusted Adviser, you should check with them directly where your data will be stored and how it will be handled.

 

11. Making a Complaint

If, at any point, you believe that there has been a breach of the CDR rules by Skript or any of our CDR Representatives, or you have a general complaint on our services, please submit your complaint via email to complaints@skript.com.au

Please include the following information when submitting your complaint:

  • your name;

  • your contact details;

  • your preferred contact method of complainant (phone / email / letter); and

  • the details of your complaint.

A CDR complaint can be made at any time. Once your complaint is received, Skript will acknowledge receipt of the complaint as soon as possible, and at least within five (5) business days of being received.

Skript will investigate your complaint and attempt to provide you with a written response to resolve the complaint as soon as possible. This may take up to thirty (30) days of receipt of your complaint.

If your complaint remains unresolved after thirty (30) calendar days, you will be advised in writing that additional time is required to complete the investigation and to provide a response.

When the complaint is resolved, you will receive a ‘final response’ letter within forty-five (45) days, informing you of the final outcome of your complaint or dispute and your right to take your complaint or dispute to External Dispute Resolution. Some options for redress in response to complaints include:

  • an explanation of the circumstances giving rise to the complaint;

  • an apology;

  • provision of assistance and support;

  • a refund or waiver of a fee or charge;

  • correcting incorrect or out-of-date records;

  • changing the terms of a contract; and

  • undertaking to set in place improvements to systems, procedures or products. 

If your complaint remains outstanding within forty-five (45) days, Skript must write to you to:

  1. inform you of the reasons for the delay;

  2. specify a date when a decision can be reasonably expected;

  3. inform your of your right to take your complaint or dispute to an External Dispute Resolution; and

  4. if you are not satisfied with our response, you may lodge a complaint with the Australian Financial Complaints Authority.

We pride ourselves on always finding the best possible outcomes for our customers, but if you are not satisfied with the response, you may request that Skript internally review your complaint or dispute again. We will inform you of the outcome of this review within thirty (30) days.


If you are still not satisfied with the response, you have the right to lodge a complaint with the Australian Financial Complaints Authority.

Online: www.afca.org.au
Email: info@afca.org.au
Phone: 1800 931 678
Mail: Australia Financial Complaints Authority
GPO Box 3
Melbourne, VIC 3001


You may also submit your complaint to the Office of the Australian Information Commissioner (OAIC). 

Complaint form: Click here

You can find further information on how to submit a complaint to the OAIC on their website.

 

12. Contact Us

You can contact us in the following ways:

 

13. Last Reviewed

22 Feb 2024