CDR Policy

Overview

This Consumer Data Right (CDR) Policy (the policy) provides information about how Fiskil manages data under the Consumer Data Right (CDR). Specifically, this policy explains how Fiskil can collect, use, hold and disclose your data that you consent to sharing with us. This ensures transparency and trust between all parties, as well as ensuring the quality, integrity and security of your personal information under applicable CDR legislation and Privacy Laws.

Please refer to the Fiskil Privacy Policy on our website for information on how Fiskil collect, use, hold and disclose your personal information, as well as ensure the quality, integrity and security of your personal information under applicable Privacy Laws more generally, Fiskil is an Accredited Data Recipient under the CDR framework. This means that Fiskil has been accredited by the Australian Competition and Consumer Commission (ACCC) to receive your data from your Energy provider, bank or other financial institution – only after you have given your consent. This Consumer Data Right (CDR) Policy (the policy) provides information about how Fiskil manages data under the Consumer Data Right (CDR). Specifically, this policy explains how Fiskil can collect, use, hold and disclose your data that you consent to sharing with us. This ensures transparency and trust between all parties, as well as ensuring the quality, integrity and security of your personal information under applicable CDR legislation and Privacy Laws.

Fiskil partners with various Fiskil approved partners (Partners) who, with your consent, may request Fiskil to collect and provide them with your data to enable them to provide their services and/or products to you. Fiskil’s Partners can only use or disclose your data in accordance with your instructions. This Consumer Data Right (CDR) Policy (the policy) provides information about how Fiskil manages data under the Consumer Data Right (CDR). Specifically, this policy explains how Fiskil can collect, use, hold and disclose your data that you consent to sharing with us. This ensures transparency and trust between all parties, as well as ensuring the quality, integrity and security of your personal information under applicable CDR legislation and Privacy Laws.

Fiskil’s partners include entities that Fiskil partners with who are not accredited under the CDR framework (CDR Representatives). Fiskil’s CDR Representatives are listed in Annexure 1 of this CDR Policy.

Data you may share with Fiskil

You can consent to share your data with Fiskil or other CDR regulated customers (accredited persons).

Fiskil will only collect, hold and use your CDR data for the purpose of providing it to another participant that you have consented to share it with, potentially including one of our CDR Representatives

The types of CDR data we may ask you to share will depend on the service being provided to you. We will always clearly explain which types of data we need and why we require it before asking you to share any of your data. You may withdraw your consent at any time although this action may affect our ability to provide our services to you.

Fiskil adheres to the data minimisation principle, we only collect data necessary to provide a specified product or service to you. As an unrestricted Accredited Data Recipient, Fiskil operates within all designated CDR sectors and is therefore permitted to collect any of the following types of data having first secured appropriate consumer consent.

You can share the following CDR Data with us:

Banking Data

Account details:

  • product category, account type and product name (e.g. transaction accounts, savings accounts, term deposits, overdrafts and business finance and mortgage accounts)
  • BSB and account number / masked number
  • account nickname
  • account status
  • account holder / display name
  • account owner (true / false)
  • account meta data (e.g. credit cards, term deposits, loans)
  • interest rates
  • account mail address
  • fees
  • discounts

Transaction details:

  • status (pending / posted)
  • incoming & outgoing transactions
  • amounts
  • dates
  • descriptions of transactions
  • account names for accounts you have sent money to and received money from

Balance details:

  • current balance
  • available funds

Name, occupation and contact details:

  • Name
  • Occupation
  • Phone
  • Email address
  • Mail address
  • Residential address

Organisation profile and contact details:

  • Agent name and role
  • Organisation name
  • Organisation numbers (ABN or ACN)
  • Charity status
  • Establishment date
  • Industry
  • Organisation type
  • Country of registration
  • Organisation address
  • Mail address
  • Phone number

Direct debits and scheduled payments :

  • Direct debit authorisations
  • Scheduled, outgoing payments

Payees

  • Names and details of saved payee accounts

Energy Data

Concessions and assistance:

  • Concession type
  • Concession information

Account and plan details:

  • Account and plan information
  • Account type
  • Fees, features, rates and discounts
  • Additional users

Payment preferences:

  • Payment and billing frequency
  • Any scheduled payment details

Billing payments and history:

  • Account balance
  • Payment method
  • Payment status
  • Charges, discounts, credits
  • Billing data
  • Usage for billing period
  • Payment date
  • Invoice number

Electricity usage:

  • Usage
  • Meter details

Electricity connection:

  • National Meter Identifier (NMI)
  • Customer type
  • Connection point details

Electricity meter:

  • Supply address
  • Meter details
  • Associated service providers

Energy generation and storage:

  • Generation information
  • Generation or storage device type
  • Device characteristics
  • Devices that can operate without the grid
  • Energy conversion information

Your Rights as a Consumer

Overall Rights

As a consumer you have control over who you share your data with.

Any recipient of data is regulated by the ACCC and must meet requirements like

  • Continuous quality monitoring
  • Internal dispute resolution;
  • Information security measures;
  • Service level agreements;
  • Audits; and
  • Other stipulations in place by the Data Accreditation Body.

You may choose to share your data that is held by an existing data holder (like a banking institution or Energy Provider) with an accredited data recipient (like another banking institution, Energy retailer or fintech).

We will only use your data for the purpose you have agreed to, and we will delete it after it has been used for that purpose. Fiskil does not hold any redundant data.

How we collect your CDR Data

When you request a service from a Fiskil Partner and provide your consent, Fiskil facilitates the provision of that service by the Partner. Fiskil collects your CDR Data for this purpose directly from yourEnergy provider, bank or other financial institution via an application programming interface (API). The types of services that will involve the collection of your CDR Data (with your consent) include:

  • Personal Financial Management: your CDR Data is aggregated, enriched and demystified to provide a single view of your finances across each of your banks.
  • Spending Insights: your CDR Data is analysed to provide insights into spending, including the category of spend.
  • Income Insights: your CDR Data is analysed to identify your income streams including surfacing patterns around regularity and stability.
  • Affordability Report: insights above are presented in an easy to read PDF report.

When we can share your CDR Data

  • When you request a service from a Partner and provide your consent, Fiskil will support the provision of that service and share your CDR Data with the Partner as reasonably necessary for that purpose.
  • When we share your CDR data with Partners, they are required to operate in accordance with CDR controls and privacy protections.

Consent Management

You have rights to decide which data types you will share, such as profile, payments, transaction, or product information; how long you will be sharing, whether it is a one-time sharing or an ongoing process; and whether you want to receive marketing material based on the data you have shared.

Consent can only last for a maximum of twelve (12) months, After 12 months your consent expires and you can either re-confirm your consent or explicitly withdraw your consent. If you don’t actively state your preference, your consent will automatically be withdrawn..

You are able to review, modify or withdraw any CDR consent you have provided through the relevant Partner application. You can also withdraw your consent by contacting us in writing, or via the data holder consent dashboard (provided by your Energy provider, bank or other financial institution).

Your consent can be withdrawn at any time, in several ways, such as by using the dashboard that the Data Recipient uses to gain consent, the one that the Data Holder uses, or via a letter.

With written notification, the revocation must be completed within two business days. Your change in consent status (for example, active, expired, or withdrawn) will be reflected in the consent dashboard in near real-time. Fiskil will remove your data if you revoke your consent.

Consent notifications

You’ll receive a notification every 90 days to confirm the data you have shared, the expiry date and other information regarding your consent. You’ll also receive a notification with a summary of these details any time you

  • You provide consent for the collection, use or disclosure of your data;
  • You amend your consent;
  • You withdraw your consent; or
  • Manage consent - If you ever make changes to your CDR data sharing preferences with Fiskil (e.g., adding or removing data points), you'll be notified to confirm the updated details.
  • Withdraw consent; or
  • Have consent that is expired.

You may not opt out of these notifications at any time.

Withdrawing Consent

You can withdraw your consent at any time and we will stop collecting, using or disclosing your CDR Data for the agreed purpose.

Correction of your Data

If any data that you share with Fiskil is incorrect, you can request correction of your data by

contacting us

. You can also ask the Data Holder (the business you authorise to share data with us) for access to your CDR data and, if required, to correct it. Erroneous data must be provided for data analysis and data correction. Fiskil will, upon notification by phone or email, update the consumer dashboard with the request and notification of the corrective action, if applicable.

Where applicable, all notices are emailed out via the consumer's dashboard. The notice lists Fiskil's response to the request, any action taken, and any options for resolving any dissatisfaction that the consumer may have.

No fee will be charged in connection with such a correction request.

You may make a complaint if you are not satisfied with our response to your request to correct your data.

Data Deletion

Fiskil must obey the rules of data minimisation, which requires that a data recipient can only ask you for data that is absolutely necessary and can only hold it for the minimum amount of time it is needed to provide their service.

Any time you give consent to a data recipient, you can also request that your CDR data, and any data derived from it, be deleted as soon as it becomes redundant. This can be managed when you first give consent or at any time your consent status is active.

We will only use your data for the purpose you have agreed to, and we will delete it after it has been used for that purpose. Fiskil does not hold any redundant data.

Fiskil will will automatically irretrievably destroy your data within seconds of any of the following events:

  • your consent expires;
  • you stop sharing data with us before consent expires via an election on your consent dashboard;
  • you request data sharing to stop via the data holder that provided your data;
  • an accredited person requests that we delete your data; or
  • you notify Fiskil in writing that you withdraw your consent, by sending an email to

    support@fiskil.com.au

    .

When any of these events occur, we will delete all the data you shared with us from our systems, unless it is required to be held by law.

Fiskil will retain records that are required by the CDR Regime to allow us to track activities such as consents, consent withdrawal and data sharing in accordance with our obligations under the CDR Regime. We will delete these records at the end of six years as required.

Some goods and services we provide require your active consent. If you withdraw your consent, we may no longer be able to provide you with those goods and services.

When you withdraw data sharing consent or your consent expires, we will also automatically notify any CDR Representatives with whom your data has been shared and require them to irretrievably destroy your data as well. Deletion by third parties is managed through contracts and regular attestations. Fiskil will from time to time Audit their CDR Representatives to ensure compliance with information security and data deletion requirements.

Data Disclosure

To ensure customer control over their data, Fiskil does not provide information to third parties to engage in direct marketing. This means that:

  • Fiskil does not share or use your personal data (including banking data) for commercial purposes.

  • Fiskil does not provide personal banking data to non-accredited or accredited individuals, regardless of their location.

  • Fiskil does not release your data to anyone. If these arrangements change, this list will also be adjusted using the outsourcing arrangements.

Outsourced Service Providers

Fiskil does not provide CDR data to any outsourced providers. Fiskil develops and maintains its own software for use with banking data collected under the CDR Rules.

Data Storage Locations

Your data is onshore and only resides in Australia. Storage policies from outsourced parties will be used for this list's maintenance.

Events for notifying you

Fiskil maintains a Data Breach Response Plan. In the event of a data breach (such as where an unauthorised party accesses your CDR Data, we will notify you as soon as practical. This is so you can take action to mitigate any potential damage or loss caused by the data breach.

If a security breach occurs, we will:

  • Contain the data breach to prevent any further leak of personal information;

  • Investigate the data breach by gathering the facts and taking action to reduce any risk of harm;

  • Notify the Commissioner if the breach is an ‘eligible data breach’ under the Notifiable Data Breach scheme; and

  • Review the incident and improve our processes, policies and controls to prevent future breaches.

Complaint Management and Dispute Resolution

If you have a question or complaint about how your personal information is being handled by us or our Partners or supporting parties, please contact us at any time by using the contact details below. Our internal dispute resolution process is easy to access and is free of charge.

How do I get in touch?

  • Email: By emailing our Complaints Officer on

    complaints@fiskil.com.au

  • By writing Level 38/345 Queen St, Brisbane City QLD 4000

What information should I include?

Please include the following details when you contact us with your complaint - this will help us to assist you faster

  • We recommend you include the word 'complaint' in the heading or subject line

  • Include your name, contact details and date

  • Set out the problem(s) clearly

  • Include copies of relevant documents

  • Include expected remedy for the complaint

  • Timeline of events can help provide context around your issue

Here at Fiskil, we are committed to providing you with the best possible customer experience. Telling us when you are unhappy is important to us as it means we have an opportunity to put things right and improve the service we offer to you in the future.

How long will it take to get a response?

  • We will acknowledge the receipt of complaints or disputes and address them promptly in accordance with their degree of urgency

  • Some complaints can be resolved very quickly, our aim to to provide a initial response to complaints with 7 days

  • We will continue to communicate relevant information during the resolution process and will let you know after 14 days if the issue is complex and requires more time

  • We will aim to have your complaint resolved in a timely manner, but in some cases, this may take up to 45 days, this would be very unusual circumstances, as a written response

  • In circumstance where we are unable to respond to a complaint or dispute with 45 days,we will provide an ‘IDR delay notification” and advise you on the reason for the delay or provide you with information on your right to complain to the Australian Financial Complaints Authority (AFCA) - (details below in External Dispute Resolution (EDR) Process)

  • Frequently, complaints are simply cases of confusion or misunderstanding which can be sorted out to everybody’s satisfaction very quickly.

You will receive status updates throughout this process, for example, when we receive your complaint, when it is under investigation and when it has been resolved. If you would like further updates, you can contact us on the details provided above to check the status of your complaint. If you submit the same complaint multiple times, our team will inform you that the same complaint is already open and share an update on that case as well as the case number via email.

If we require more time, we will notify you in writing in relation to any additional time required to complete our investigation for resolution of your complaint, the reason for the delay, and on what date a decision can be reasonably expected.

Raising your issue with our Complaints Officer does not limit you from raising your issue at any time with external disputes schemes or relevant regulators.

What is the investigation process and remedies available to resolve complaints?

In the event of a complaint, the following guidelines should be followed:

  • The complaint is received via the Customer Success team and this team will provide the initial response including organising a meeting to talk through and better understand the issue - this team will include the relevant Fiskil team members in relation to the complaint

  • In the event of a security or data complaint, the Information Security Manager must be informed that a dispute exists

  • The assigned team members then define next steps and, where needed, legal advice will be obtained

  • Correspondence is in writing via email however there could also be a phone call, video call or in person meeting depending on the nature of the complaint

  • An assessment of the risk to Fiskil’s services and ISMS should be carried out where it makes sense prior to escalating any dispute, and contingency actions should implemented where needed

  • All conversations are logged and tracked to ensure processes are followed in-line with policy

  • A potential remedy could include a formal apology or a correction of details.

What will my complaint response include?

  • We will notify you by phone or email to notify you that the Internal Dispute Resolution (IDR) process has concluded

  • The response will include the final outcome of the complaint

  • Details of your right to take your complaint to AFCA (Australian Financial Complaints Authority) if you are unhappy with the decision at IDR

  • AFCA’s contact details and Fiskil’s membership details

  • Time limits to contact the AFCA or a link to AFCA website detailing when and if time limit relevant to your circumstances expires.

The External Dispute Resolution (EDR) Process

  • Should you not be satisfied with the IDR decision, you can initiate an EDR process with AFCA.

  • AFCA can resolve complaints that Fiskil can not resolve internally (IDR)

  • We are a member of the

    Australian Financial Complaints Authority

    (AFCA): AFCA Membership number for Fiskil Pty Ltd is 83521

  • You can contact AFCA on:

    Phone: 1800 931 678 (free call)

    Email: 

    info@afca.org.au

    Online: 

    www.afca.org.au

    Mail: Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001

This process is in line with Regulatory Guide 267 Oversight of the Australian Financial Complaints Authority (RG267) detailing how ASIC will perform its oversight role in relation to AFCA.

Personal information can be the subject of a complaint under the Privacy Act to the Australian Information Commissioner (OAIC). All complaints must be submitted to the respondent organisation first. The organisation is given 30 days to handle the matter before a person may lodge a complaint to the OAIC.

The OAIC can be contacted at:

Office of Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email:

enquiries@oaic.gov.au


www.oaic.gov.au

Sponsorship Arrangements

Fiskil is currently represented in the CDR Regime by the following entities:

Representative Name

Nature of the goods and services provided to customers
using CDR data

Solvingzero

SolvingZero provides personalised and actionable insights to help homeowners make the smartest decisions for their home energy

Nature Electric

Nature Electric is a comprehensive software-as-a-service platform designed to streamline and simplify an organization's transition to renewable energy. Nature Electric facilitates every stage of the energy journey, from initial assessment to full execution, emphasizing financial, organizational, and environmental impact.

Nature Electric is committed to providing a seamless experience, ensuring that your shift towards renewable energy sources is efficient, effective, and impactful.

Threadlet

Threadlet is a platform that automatically switches customers to the lowest electricity & gas rates every month at Zero Cost and all in one place, reducing admin time tendering and comparing prices, and have peace of mind you're never caught out on price hikes

Resly Pty Ltd

Resly is a 100% cloud-based platform. Built to be accessible from anywhere, at any time, on any device. Resly combines a powerful property management system, seamless channel manager and commission-free direct booking engine, in an easy-to-use platform. Hotels use Resly to reconcile their trust accounts.

Resly consumes CDR data via Fiskil's Banking API so the hotel can see their bank transactions and reconcile them against transactions in Resly.

Yondr Money Pty Ltd

Yondr Money is a technology driven fintech company based in Australia that offers an intelligent and streamlined, customer-first alternative to mainstream banks. The company has built a platform and intelligent app that combines behavioural science and machine learning, designed to improve customers’ financial literacy. Yondr offers its customers a multi-currency account with physical and virtual Visa cards accessible through its app. The products include Digital BSB & Account number Multi-currency wallet (AUD, USD, EUR, THB, GBP, JPY, HKD, SGD) Virtual Visa card Physical Visa card Apple & Google Pay Spend analytics In-app chat support (Australian based team) Push notifications and card controls & limits.

The app allows drilling down into the spending habits of consumers and building savings tools teaching them ways to save for their goals while helping them better understand where their money goes

DropShip Central Pty Ltd

DropShip Central is a resail/wholesale ERP solution, leveraging CDR data for bank reconciliations and balance verifications.

IO Energy Pty Ltd

IO Energy is a energy technology provider and retailer. They provide consumers with detailed analytics and comparisons of bills. They aim to reduce energy costs, help consumers better understand their energy usage and help consumers use cleaner energy. IO Energy uses Fiskil to access customer energy usage and billing data to provide accurate bill comparisons.

Powerpal

Powerpal is an Australian company that provides an energy-saving device that allows homeowners to track their energy consumption and reduce their energy bills. The device, which is installed on the electricity meter, sends real-time data to the user's smartphone or tablet, allowing them to monitor their energy usage and identify areas where they can save money. The Powerpal app also provides personalized tips and insights to help users reduce their energy consumption and environmental impact. Additionally, the company partners with electricity retailers to offer exclusive energy plans and discounts to its users.

Voltarocks

Voltarocks is an energy technology company that has developed a mobile application to help individuals and families take control of their energy usage and work towards energy independence. The company aims to empower users to create a positive impact on the environment by making energy-saving solutions accessible to everyone. The Voltarocks mobile application uses AI and machine learning to provide personalized energy-saving solutions for control of energy usage. It also provides access to grants and rebates to make energy-saving upgrades more affordable for users. The app offers fun and engaging energy-saving solutions through innovative technology and user-friendly interfaces. It aims to inspire conscious consumers committed to reducing their carbon footprint and create a sustainable future.

AGL Energy Services Pty Ltd

AGL Energy Services Pty Ltd, Electrify Now is a tool to help customers identify ways to save money on their energy bills and reduce their home’s carbon emissions. The tool allows customers to understand their personal energy bill and carbon savings if their home switched to solar, battery, heat pump hot water, reverse cycle space heating, induction cooktops or an electric vehicle (EV), with customers able to pick and choose which upgrade suits their budget and lifestyle. Customers are able to calculate the benefits of upgrading to more efficient energy products, customers enter their details into the Electrify Now platform, which uses their unique energy data and profile to calculate an estimated energy bill and carbon savings specific to that customer and their energy use.

Where possible, it also provides the payback period of their investment and connects customers to AGL’s network of third-party trusted installers to help kickstart their electrification journey.

N0de Pty Ltd

N0de’s mission is to turn an organisation's net zero ambition into action as fast and cost effectively as possible. Building of our deep expertise in Net Zero, and using the power of our software, we develop compelling Net Zero visions and action plans, empowering businesses with the confidence and internal support to overcome the barriers to net zero activation and unlock the many economic, social and environmental benefits that net zero transformation offers.

Fiskil logo

© Fiskil 2024. All rights reserved.