WEMONEY CDR POLICY

  1. ABOUT THIS POLICY

WeMoney Pty Ltd ACN 633 007 860, Australian Credit Licence 526330  (WeMoney or we or us) is an accredited data recipient participating in the government’s open banking scheme under the Consumer Data Right regime.

WeMoney has created this Consumer Data Rights (CDR) Policy in accordance with the requirements of Division 5 of Part IVD of the Competition and Consumer Act 2010, the Competition and Consumer (Consumer Data Right) Rules 2020 and the CDR Privacy Safeguard Guidelines (CDR Legislation). In this CDR Policy, we will illustrate how we will manage your CDR data and describe how you can access and correct your CDR data or make a complaint. 

  1. UNDERSTANDING THE CONSUMER DATA RIGHTS (CDR) REGIME

With the term “open banking”, new regulations were introduced for the banking industry to implement the Consumer Data Rights (CDR). The CDR regime initially applies to the banking industry and then it will apply to other industries such as telecommunications and the energy industry. 

In simple terms the implementation of CDR allows you as the consumer to share with your consent your data for specific purposes with any other organisation that is accredited under the CDR regime. 

The intent of the CDR regime aims to provide greater choices and control for Australian consumers over how their data is used and disclosed. It allows consumers to access particular data in a usable form and to direct a business to securely transfer that data to another business that is an accredited data recipient.

Your CDR data includes your contact details, account information, transaction records or specific information about the banking products you may have. WeMoney is an accredited organisation under the CDR regime which allows you as our consumer to share selected banking data for specific purposes with or from other accredited organisations. 

The great benefit is that you control and decide when to share your CDR data, what CDR data you share, and with whom you want to share your CDR data with. 

We will also continue to manage your personal information in line with WeMoney’s Privacy Policy and our obligations under the Privacy Act (1988). Please visit our Privacy Policy at wemoney.com.au/privacypolicy for further information.

  1. HOW WE HOLD CDR DATA

WeMoney collects and holds your data that you provide to us as our customer, which enables us and assists us to provide you with WeMoney’s services.

This data that we hold and collect, may include data that is classified as “CDR data” upon us receiving as an accredited data recipient under the CDR regime. 

Under the CDR regime a:

Data holder: is the organisation that holds your data and upon your consent shares your data with an accredited data recipient. This is i.e. your bank.

Data recipient: is an accredited organisation under the CDR regime (for e.g. other banks and financial services organisations) that you have provided your consent to receive and use your CDR data from the Data holder. This is WeMoney.

When you provide your consent to an accredited organisation to collect and use your CDR data, it's important to know that you are then entering into an agreement with them.

At WeMoney, we will hold your data for a period of time as specified by you or until you withdraw consent. Once you withdraw your consent we will delete your CDR data that we hold about you (if requested).

WeMoney does not accept consumer requests to access additional voluntary products or consumer data that the app does not already make available.

  1. CLASSES OF CDR DATA:

The CDR Data we collect from you and hold are classified as your “required consumer data” within your banking records which may include:

  1. Contact details 
  2. Account information
  3. Transaction records 
  4. Product-specific data

CDR data includes data that may be derived from the original account information and transaction details. 

  1. HOW YOU CAN ACCESS YOUR CDR DATA

CDR data that we have received will be made available to you securely via the WeMoney App. In addition, WeMoney allows you to update specific CDR data such as account holder information securely via the WeMoney App. Please note that for any data updates to other organisations that are Data holders you will need to contact them directly to correct and update your data.

You are able to withdraw your consent to share your CDR data at any time through the WeMoney App. 

  1. HOW WE USE YOUR CDR DATA

WeMoney offers the WeMoney service online, which enables users to manage their personal finances. Features include account aggregation of Australian bank accounts, calculating a user’s net worth, defining and tracking savings goals, and participating in the WeMoney community.

WeMoney uses your data to deliver this service to you and to improve the overall service quality in the long-term.

  1. GENERAL RESEARCH, ENGINEERING AND DISCLOSURE

WeMoney will use your CDR data in anonymised form to perform general research, specifically for statistical analysis to improve the WeMoney app. 

We maintain an in-house engineering team to perform statistical analysis and for supporting the WeMoney app. Your CDR data will not be shared by WeMoney with any third parties in this process.

You may delete your CDR data directly by deactivating your account or sending us a request to delete it. WeMoney will not retain CDR data that has been subject to a requested deletion by you.

  1. OVERSEAS STORAGE PRACTICES

WeMoney holds and stores data with SOC2 and ISO27K compliant data centres in Australia and the USA. We will keep your CDR data stored securely and encrypted in electronic form in accordance with WeMoney’s Privacy Policy and complying with our Privacy Act (1988) obligations.

  1. HOW WE NOTIFY CONSUMERS

On several occasions, you will receive notifications via the WeMoney app. Such notifications will include:

  1. relevant lifecycle events regarding your CDR data;
  2. requesting your consent to use your CDR data;
  3. the withdrawal of your consent; and
  4. the collection of your CDR data, i.e., when updating your financial transactions.
  1. CONSEQUENCES OF WITHDRAWING CONSENT

You can withdraw your consent or authorisation to share your CDR data with WeMoney at any time by disconnecting an individual bank account within the WeMoney app or by withdrawing your consent remotely via your financial institution. 

Alternatively, you can withdraw your consent by deactivating your WeMoney account altogether.

Once WeMoney receives your consent withdrawal in any form, we will permanently delete your CDR data from our systems within 30 days.

Once the data is permanently deleted you will not be able to access it unless you provide consent again to us to receive your CDR data.

  1. CONTACTING US OR MAKING A COMPLAINT

WeMoney is here to help! If you want to know how we hold and manage your CDR please contact us via either the WeMoney app, or email us at hello@wemoney.com.au.

If you are concerned about how we have handled your CDR data or you want to make a complaint or provide us with any feedback, you can talk to us by writing to us at hello@wemoney.com.au. We will attempt to the best of our abilities to resolve any issue you may have. 

In order for us to assist you, please include your full name, email and contact details, as well as a preferred contact method in your email to us. We may ask for additional information to identify you. Please note a WeMoney representative will never ask you for your log-in account information such as your password via phone or email.

We will do our best to: 

  1. try and resolve your complaint immediately, if possible;
  1. resolve your complaint within 5 business days. If this isn’t possible, we will confirm the outcome with you in writing. We will aim to resolve your complaint within 30 days. If we can’t meet these timeframes, we will explain to you why and will provide to you an expected date for the outcome of your complaint. We will keep you informed of progress; and
  1. We will explain to you about our decision with respect of your complaint and notify in writing for all complaints that are not resolved within 5 business days. 

If you are not satisfied with the final outcome, you may choose to lodge a complaint with the Australian Financial Complaints Authority (AFCA). AFCA provides a free and independent dispute resolution service for individuals and small business customers who are unable to resolve their complaints directly with WeMoney.

Australia Financial Complaints Authority

Online: www.afca.org.au

Email: info@afca.org.au

Phone: 1800 931 678

Mail: GPO Box 3, Melbourne, VIC 3001

You may also raise any CDR concerns directly with the Office of the Australian Information Commissioner (OAIC). OAIC acts as an impartial third party when investigating and resolving a complaint in relation to the handling of your CDR data. You can contact the OAIC on:

Office of Australian Information Commissioner

Mail: GPO Box 5218, Sydney, NSW 2001

Phone: 1300 363 992

Online: www.oaic.gov.au

Email: enquiries@oaic.gov.au

  1. NOTIFIABLE DATA BREACHES

From February 2018, the Privacy Act includes a new Notifiable Data Breaches scheme (NDB) which requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change). 

The NDB scheme requires us to notify about a data breach that is likely to result in serious harm to affected individuals. There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals. 

If we believe there has been a CDR data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as possible and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy. 

If you believe that any personal information, we hold about you has been impacted by a data breach, you can contact us using the contact details below.

  1. AVAILABILITY

This CDR Policy is available electronically by selecting “Settings”, then “CDR Policy” within the WeMoney App. It is available on the WeMoney website by visiting https://wemoney.com.au/cdr, and on request by contacting hello@wemoney.com.au
WeMoney does not provide hard copies.

We reserve the right to change this CDR Policy, at any time and when we do, we will post the current version on our website and will be available in “Settings”, then “CDR Policy” within the WeMoney App. 

The revised CDR Policy shall apply from the date of publication of the revised CDR Policy on our website, and is made available in “Settings”, then “CDR Policy” within the WeMoney App. You hereby waive any right you may otherwise have to be notified of, or to consent to, revisions of the CDR Policy.

Any subsequent access to, or use by you, of the WeMoney website or any of our WeMoney services including the WeMoney App will constitute acceptance of any varied or modified CDR Policy.

We will not file a copy of the CDR Policy specifically in relation to each user or customer and, if we update the CDR Policy, the version to which you originally agreed may no longer be available on our WeMoney website or made available in “Settings”, then “CDR Policy” within the WeMoney App. We recommend that you consider saving a copy of the CDR Policy for future reference.

This CDR Policy is Version 1.0 dated 12th   October 2021.