About this policy
‘We’, ‘us’ and ‘our’ refer to Nano Home Loans Pty Ltd (ACN 636 165 501) (Nano). Nano, as an accredited data recipient, provides services that can access your personal banking information via Open Banking.
This policy provides information on your rights under the Competition and Consumer Act 2010 and the Competition and Consumer (Consumer Data Right) Rules 2020 (CDR framework) which defines the rules for Open Banking.
This policy will explain what your CDR data is, how you can access your CDR data and how to make a complaint, if necessary.
What is the Consumer Data Right (CDR)?
The Consumer Data Right (CDR) is a law created by the CDR framework which provides consumers the right to access data relating specifically to the consumer (CDR data), together with allowing us to share your CDR data with others and correcting your CDR data. As an accredited data recipient, you may also ask us to collect your CDR data from a third party so our customers (Lenders) may have a better understanding of your financial position by seeing accounts you hold with other financial providers.
The CDR regime will essentially make it easier for you to compare products and services, access better value and assist in financial management.
Access to your consumer data
All data collected is done so with your consent. Nano (or a Lender we provide services to) provides a consent dashboard for the management of your consents which includes a receipt of the consent, its scope and duration. Once we have received your consent, we will ask you which accounts you wish to disclose to a Lender.
We will collect CDR data on behalf of Lenders and share your CDR data back to the Lenders and other financial institutions only when you allow us to do so, and we won’t charge a fee.. Your consent will remain valid for 12 months. Occasionally we may ask for your consent to renew the shared data.
We will only access CDR data as part of the software-as-a-service we provide Lenders and other financial institutions. Your data will only be stored on our systems for the minimum practical period required to process a loan application on behalf the Lenders. It is expected this will be a period of approximately 90 days. After this period, CDR data held by us will be de-identified for reporting and analytical purposes and any personally identifiable CDR data will be permanently deleted. Lenders will retain your CDR data on their own managed systems for the period of the loan as part of their lending obligations.
The type of CDR data that we collect includes information relating to:
- Repayments; and
- Account balances.
We will share your CDR data only with those organisations that have been accredited to receive CDR data, and/or if the request is eligible under the CDR regime. The CDR data is made available in a machine-readable form, through a specialised service that we provide.
For access to your CDR data at any time, you will need to contact the applicable Lender. Your consent can be withdrawn at any time. If you have asked us (or a Lender we provide services to) to stop, or the consent to share your CDR data has expired, we will delete the collected data, unless we are legally required to hold or keep copies of it.
Can I correct errors in my consumer data?
If any CDR data is inaccurate, out of date or misleading, we can correct the data that we hold about you during the application process by contacting us or the applicable Lender. Once your loan application has been completed, you will need to contact the applicable Lender to have this corrected.
If we receive a notice to correct, we will, within 10 business days of receiving your request, let you know in writing if we corrected your CDR data or notified the Lender to do so. We may also provide you with reasons as to why we thought a correction is unnecessary. If we can’t correct the CDR data, we will provide you with reasons and or direct you to the applicable Lender. If your request hasn’t been resolved to your satisfaction, you can lodge a complaint with us.
If you are dissatisfied with the handling of your CDR data, you may contact us and provide details of your complaint. We will acknowledge your complaint within seven days and aim to resolve the complaint as quickly as possible. We will provide you with a decision within 30 days.
If you are dissatisfied with the response of our complaints officer, you may make a complaint to our External Dispute Resolution Scheme by calling 1800 931 678 or writing to firstname.lastname@example.org, or the Privacy Commissioner which can be contacted at www.oaic.gov.au or on 1300 363 992.
If you’d like further information about the way we manage your CDR data or a copy of this policy (electronic or hard copy), please contact us on email@example.com.