Skript CDR Policy
This Consumer Data Right (CDR) Policy (the Policy) explains how Skript Pty Ltd (Skript) can collect, use, hold and disclose your data that you consent to sharing with us. This ensures transparency and trust between all parties, as well as ensuring the quality, integrity and security of your personal information under applicable CDR legislation and Privacy Laws.
Please refer to the Privacy Policy on our website for more information on the management of your personal data.
1. What is the CDR?
The Consumer Data Right (CDR), or more commonly referred to as “Open Banking”, aims to provide greater choice and control for Australians over how their data is used and disclosed. The CDR gives you control on the data that you share with other banks and financial institutions. It helps you send your data to other companies with your full consent, knowledge and control in a secure way. The intention is to help you find the best products, prices, suitable and to help switch to new products and services.
Open Banking will allow you to ask that your data be sent to other banks, financial institutions and authorised organisations when you want to. You control who holds your data and how it is used.
2. Your Rights as a Consumer Regarding Your Data
As a consumer you have control over who you can share your data with. Data recipients are accredited by the ACCC and are subject to ongoing processes, internal dispute resolution, information security, service-level agreements, audit and other requirements by the Data Accreditation Body.
You may choose to share your data that is held by an existing data holder (for example, a banking institution) with an accredited data recipient (for example, another banking institution or a fintech).
3. Types of data you may share with us
Depending on the service being provided to you, you may be asked to share specific types of data.
If you consent to do so, we will only use it for the purpose of providing access to your financial information to yourself, a trusted adviser, or to a third party with whom you choose to share your data, or for a purpose described under ‘Disclosure to third parties’ if you have consented to share your data with one of our CDR Representatives.
We may collect, hold, use and disclose the following types of data:
Account balance and details
Name of account
Type of account
Account balance
Account number
Interest rates
Fees
Discounts
Account terms
Account mail address
Transaction details
Incoming & outgoing transactions
Amounts
Dates
Descriptions of transactions
Who you have sent money to and received money from (e.g. their name)
Direct debits and scheduled payments
Direct debits
Scheduled payments
Name, occupation and contact details
Name
Occupation
Phone
Email address
Mail address
Residential address
Organisation profile and contact details
Agent name and role
Organisation name
Organisation numbers (ABN or ACN)
Charity status
Establishment date
Industry
Organisation type
Country of registration
Organisation address
Mail address
Phone number
Payees
Names and details of accounts you have saved (e.g. their BSB and Account Number, BPay CRN and Biller code, or NPP PayID)
4. Granting and Managing Consent
Should you choose, you can consent to share your data with Skript, one of Skript’s CDR Representatives, or any other accredited data recipient of your choosing.
You are entitled to choose the following about sharing:
which data types should be collected, used and/or disclosed (for example, account balance and details, transaction details, etc.);
how long you will share your data for, whether one-off share or ongoing sharing;
which parties your data should be disclosed to; and
whether you opt in to receiving direct marketing relating to the data shared.
Consent may only last for a maximum of twelve (12) months, until the time that you withdraw consent, re-grant consent or the consent expires.
You may view and manage your consent in the consent dashboard, which we provide a link to in the email we send after you have granted a consent. You can also view and manage your consent directly with your data holder (i.e. your bank).
5. Withdrawing Consent
You may withdraw your consent at any time. You can withdraw your consent in multiple ways, including:
through the data recipient consent dashboard (i.e. with Skript);
through the data holder consent dashboard (i.e. with your bank); or
in writing to either party.
The consent revocation will be completed within two (2) business days if notified in writing. If revocation occurs through the consent dashboard, the dashboard will be updated in near real-time to reflect your change in consent status (for example, active, expired or withdrawn).
If the consent is withdrawn, we will delete your data.
If you withdraw your consent, the services provided to you by Skript or one of our CDR Representatives may cease.
6. Deletion of Your Data
The CDR Rules require that Skript adheres to the data minimisation principle, which requires that only the required data is held as long as needed.
When your consent expires, or when you withdraw your consent, Skript will delete your CDR data. Skript deletes your data by irretrievably destroying it.
7. Accessing and correcting your personal information
In most cases you will be provided with access to your own CDR data via the services offered by Skript or one of our CDR Representatives. However, you can always contact us to request a copy of your CDR data we, or one of our CDR Representatives, hold and use.
You can request correction of your data by contacting Skript through channels listed below.
Sufficient details must be provided in order to assess and correct the data that is incorrect.
We will assess your request for correction within ten (10) business days and inform you via email of what Skript did in response to your request, any corrective action or comments, and the complaint mechanism available to you if you are not satisfied.
8. When we will notify you
Skript will notify you about each of the following events to give you transparency and control over your data sharing with us:
when you give consent to collect, use and/or disclose your CDR data, or when you amend or withdraw such a consent;
when your consent to collect, use and/or disclose your CDR data expires;
when we collect your CDR data;
when we disclose CDR data to another accredited person;
every 90 days where you have not interacted with our consent dashboard but we are still collecting your data; and
when we respond to a request from you to correct your data.
In the event of a data breach, for example someone gaining unauthorised access which results in loss of CDR data, we will notify you as soon as possible in order for you to take appropriate action if required.
9. Disclosure to third parties
Skript does not disclose your data to third parties without your explicit consent.
You may consent to share your data with one of Skript’s CDR Representatives, as part of a product or service they are providing to you.
Skript has the following CDR Representatives:
CDR Representative Name
Nature of goods and services provided by CDR Representative
Wrkr
Payroll, Superannuation and HR services
You can also see Skript’s CDR Representative arrangements on the CDR website.
If you consent for Skript to disclose your CDR data to a third party who is not a CDR Representative of Skript, you should check their data handling policies, such as their Privacy Policy, with them directly. The data these third parties receive may not be regulated as part of the CDR. This includes any Trusted Advisers with whom you choose to share your CDR data.
10. Where Your Data is Stored
Skript stores data in AWS data centres in Sydney and Melbourne. Skript does not use overseas service providers to store CDR data, or copies of CDR data.
If you have chosen for Skript to disclose your data to a third party, including a Trusted Adviser, you should check with them directly where your data will be stored and how it will be handled.
11. Making a Complaint
If, at any point, you believe that there has been a breach of the CDR rules by Skript or any of our CDR Representatives, or you have a general complaint on our services, please submit your complaint via email to complaints@skript.com.au
Please include the following information when submitting your complaint:
your name;
your contact details;
your preferred contact method of complainant (phone / email / letter); and
the details of your complaint.
A CDR complaint can be made at any time. Once your complaint is received, Skript will acknowledge receipt of the complaint as soon as possible, and at least within five (5) business days of being received.
Skript will investigate your complaint and attempt to provide you with a written response to resolve the complaint as soon as possible. This may take up to thirty (30) days of receipt of your complaint.
If your complaint remains unresolved after thirty (30) calendar days, you will be advised in writing that additional time is required to complete the investigation and to provide a response.
When the complaint is resolved, you will receive a ‘final response’ letter within forty-five (45) days, informing you of the final outcome of your complaint or dispute and your right to take your complaint or dispute to External Dispute Resolution. Some options for redress in response to complaints include:
an explanation of the circumstances giving rise to the complaint;
an apology;
provision of assistance and support;
a refund or waiver of a fee or charge;
correcting incorrect or out-of-date records;
changing the terms of a contract; and
undertaking to set in place improvements to systems, procedures or products.
If your complaint remains outstanding within forty-five (45) days, Skript must write to you to:
inform you of the reasons for the delay;
specify a date when a decision can be reasonably expected;
inform your of your right to take your complaint or dispute to an External Dispute Resolution; and
if you are not satisfied with our response, you may lodge a complaint with the Australian Financial Complaints Authority.
We pride ourselves on always finding the best possible outcomes for our customers, but if you are not satisfied with the response, you may request that Skript internally review your complaint or dispute again. We will inform you of the outcome of this review within thirty (30) days.
If you are still not satisfied with the response, you have the right to lodge a complaint with the Australian Financial Complaints Authority.
Online: www.afca.org.au
Email: info@afca.org.au
Phone: 1800 931 678
Mail: Australia Financial Complaints Authority
GPO Box 3
Melbourne, VIC 3001
You may also submit your complaint to the Office of the Australian Information Commissioner (OAIC).
Complaint form: Click here
You can find further information on how to submit a complaint to the OAIC on their website.
12. Contact Us
You can contact us in the following ways:
By email at hello@skript.com.au
Using the contact form at https://www.skript.com.au/
13. Last Reviewed
22 Feb 2024
