This Is the Verifier CDR Policy

Effective date: 8 August 2023

What we do

We provide services to our customers, using personal data collected securely, and in accordance with the rules defined by the Consumer Data Right (CDR).

This policy tells you how we handle and manage your personal data under the CDR law.

About CDR

The CDR gives you control over personal data and enables you to send that data to others – to help you obtain their products or services. For example, you may choose to share your data that is held by a current service provider to you (perhaps your bank) with another financial institution if you are applying for a loan from that institution.

Under the CDR, the collection and use of your personal data, and who it is shared with, are with your full consent, knowledge and control.

Collecting your personal data

With your consent, we will collect your data in a one-time collection.

We may collect the following classes of data (click each data class to view the detailed fields we collect):

  • Name, occupation, contact details

    • Name

    • Occupation

    • Phone

    • Email address

    • Mail address

    • Residential address

    Account Information

    • Name of account

    • Type of account

    • Account number

    • Account balance

    Transaction Details

    • Incoming & outgoing transactions

    • Amounts

    • Dates

    • Descriptions of transactions

    • Who you have sent money to and received money from (e.g. their name, BSB, account number)

  • Concessions and assistance

    • Concession type

    • Concession Information

    Account and plan details

    • Account and plan information

    • Account type

    • Fees, features, rates and discounts

    • Additional account users

    Billing payments and history

    • Account balance

    • Payment method

    • Payment status

    • Charges, discounts, credits

    • Billing date

    • Usage for billing period

    • Payment date

    • Invoice number

    Electricity connection and meter

    • National Meter Identifier (NMI)

    • Supply address

    • Customer type

    • Connection point details

    • Meter details

    • Associated service providers

    Energy generation and storage

    • Generation information

    • Generation or storage device type

    • Device characteristics

    • Devices that can operate without the grid

    • Energy conversion information

    Electricity usage

    • Usage

    • Meter details

You’re in the driver’s seat

You can review your consent, and a summary of your data we obtained from your nominated accounts in our secure dashboard, which you can access via our website: www.verifier.me

You can also withdraw your consent, at any time, by using our secure dashboard.

What we do with your personal data

With your consent, we may use your data:

  • to categorise that data and enrich it to generate useful insights, and to give us assurance that our algorithms used to do that are operating correctly (this is a one-time use for up to 4 days);

  • to format it and provide you the ability to download it;

  • for our internal research purposes to help us improve our services (this is a use for up to 3 months).

Who we share your personal data with

With your consent:

  • we share only the insights we create from your personal data with a person who is not accredited in accordance with the CDR law. We will not share any account balances or individual transactions with a non-accredited person, and

  • we share the insights we create with a person who is accredited in accordance with the CDR law. We may also share account balances and individual transactions with an accredited person.

We will:

  • not sell your personal (identified) data to anyone

  • not share your personal (identified) data with any third party without your consent

  • with your consent, de-identify your data when the consent you have given us to use your personal data has expired.

If you have given us your consent to de-identify your data when we no longer need it, you can withdraw that consent at any time before the consent expires by using our secure dashboard. We will delete your data when we no longer need it if you withdraw your consent to de-identify the data.

What we do with your de-identified data

When we de-identify your data we do so by removing your name and other identifying information, leaving only a reference to the type of transaction, so there is no record left of you. We will include your de-identified data in the set of data that we use for general research.

Once we have de-identified your data and added it to our data set, you will not be able to ask us to delete it.

Our outsourced service provider

To enable us to provide our services we use an Australian based, trusted third party service provider Basiq Pty Ltd, based in Manly, New South Wales. We use Basiq’s CDR Connect platform to collect CDR banking data, and to enrich that data. Basiq is accredited in accordance with the CDR law.

We hold all your data securely

Your data is stored in Australia. We have administrative, technical and physical safeguards designed to ensure the security, confidentiality and integrity of your data.

If a security breach occurs, we:

  • contain the breach promptly

  • investigate and assess the circumstances of the breach, and the risks and potential harm to affected customers

  • take action to reduce any risks of harm to affected consumers

  • notify affected consumers and, if required by law, notify the Australian Information Commissioner. If the breach is one that we are not required by law to notify to the Commissioner under the Notifiable Data Breach law, we may voluntarily notify the Commissioner of that breach

  • consider what actions we can take to prevent security breaches in the future

Accessing and correcting your data (or any other data about you)

If you think that any data we hold about you is incorrect, you can ask us to correct it by contacting us using the contact details below. Once we have assessed your request, we will tell you what we did in response to your request, any corrective action or comments. If you are not satisfied with our response, you may make a complaint to us.

How to contact us

If you are not satisfied in any way, please tell us so that we can try to resolve your concern promptly.

You can contact us:

We will respond to you as soon as is reasonably practical after you contact us.

Resolving concerns

You can make a complaint to us at any time. For the purpose of resolving your complaint we may ask for your personal information, including your name, contact information and the details of your complaint.

If you make a complaint, we will try to resolve it as promptly as possible.

We will:

  • acknowledge receipt of your complaint as soon as reasonably practical

  • resolve your complaint within 45 days (although our aim is to resolve it as promptly as possible)

  • contact you by phone or email to notify you of the outcome

If you are not satisfied with the outcome, you may lodge a complaint with the Australian Financial Complaints Authority.

Online: www.afca.org.au

Email: info@afca.org.au

Phone: 1800 931 678

Mail: Australia Financial Complaints Authority

GPO Box 3

Melbourne, VIC 3001

A hardcopy of this policy can be obtained by emailing contact@verifier.me