Consumer Data Right Policy

About this policy

This CDR Policy is limited to how Tiimely will collect, use, hold and disclose CDR data that customers consent to sharing with us. If you like to know about how we manage your personal information outside of the CDR regime, please see our Privacy Policy at https://tiimelyhome.com.au/legal-bits/privacy-policy

In this policy, Tiimely, we, us or our means Tiimely Pty Ltd and references to data means CDR data.

About the Consumer Data Right (CDR)

The CDR was introduced by the Australian Government to provide consumers with greater control and choice about sharing the data that designated businesses hold about them with third party service providers of their choosing.For the banking sector, this is often referred to as Open Banking.

If you choose to use Consumer Data Right to share your data with us, your information is transferred in encrypted form using secure technology. The process has been designed to give you greater choice and control through the convenience of a simple and secure process.

Service providers must go through a rigorous process to become accredited to receive CDR data and provide Consumer Data Right services to you. The Australian Competition and Consumer Commission (ACCC) manages this process.

More information about the CDR is available here: Homepage | Consumer Data Right

Provision of CDR services by Tiimely

Tiimely is an accredited data recipient under the CDR regime. Once we start offering CDR services, Tiimely will be able ask customers to provide their consent for Tiimely to receive their data a data holder (such as a bank) in participating industry sectors.

Tiimely is not yet an active accredited data recipient which means that we are not yet providing CDR services to our customers.The information in our CDR policy reflects this status and will be updated prior to Tiimely becoming active on the CDR Register.

Tiimely is also an outsourced service provider to other accredited data recipients and in that capacity we will use, disclose and hold CDR data on behalf of the accredited data recipient in accordance with their instructions and the terms of their customers’ consents.

The CDR data we may collect

We may collect, hold, use and disclose the following types of CDR data:

• Account balance and details
  • Name and type of account
  • Account number
  • Account balance
  • Credit limits (if applicable)
  • Fees
  • Interest rates
  • Discounts
  • Account terms
  • Account mail address
• Transaction details
  • Incoming and outgoing transactions
  • Amounts
  • Dates
  • Descriptions of transactions including details of who you have sent money to or received money from (ie names).

Why we collect CDR data

If you identify at any time that the CDR data we have collected about you is incorrect, you can contact us to investigate the issue and request that your data is corrected. Please see Contact Us below.

No fee will be charged to manage your request. We will notify you within 10 business days after receipt of your request what steps we have taken in response.

In some cases, we may need to refer you to the relevant data holder (bank) to resolve the issue as the source of the data we have received. If they correct your data, we will seek to collect it again to update our records if your consent for us to do so is still valid.

Disclosure of CDR data

With your consent, we may disclose your CDR data to third parties so we can provide you with the home loan product you have applied for. This may include our funder, Bendigo and Adelaide Bank, and outsourced service providers. We do not disclose CDR data overseas and will not disclose CDR data to any unaccredited parties other than outsourced service providers.

Further details of any disclosures will be updated prior to Tiimely offering CDR services to customers.

Withdrawing consent and deletion of data

At any time, you may withdraw your consent in 3 ways:

• through the consent dashboard that we provide to you;
• through the data holder (bank) consent dashboard available in your bank’s app or online banking service; or
• by emailing Tiimely to request the withdrawal. Please see Contact Us below.

If you use the consumer dashboard to withdraw your consent, the status of your consent will be updated in near real-time and reflect your change almost immediately. If you choose to withdraw your consent via email, this will be completed within 2 business days.

Please note that if you withdraw your consent, we may no longer be able to provide you with products or services. For example, if you have applied to for a home loan, we will not be able to finalise our assessment of your application, unless you elect to provide the required financial information by manually uploading bank statements.

We will irretrievably delete your data as soon as practicable of any of the following events:

• your consent expires;
• you stop sharing data with us before consent expires via an election on your consent dashboard;
• you request data sharing to stop via the data holder that provided your data;
• an accredited person requests that we delete your data; or
• you notify us in writing that you withdraw your consent.

When any of these events occur, we will delete all the data you shared with us from our systems, unless it is required to be held by law. This includes circumstances where we have a legal obligation under the National Consumer Credit Protection Act 2009 (Cth) to retain data that was used to assess your suitability for a home loan. Tiimely will also retain records that are required by the CDR Regime to allow us to track activities such as consents, consent withdrawal and data sharing in accordance with our obligations under the CDR Regime. We will delete these records at the end of six years as required.

Notifications

Tiimely will notify you:

• when you provide a data sharing consent that enables the collection, use or disclosure of CDR data. We will also notify you when your data has been collected or where we disclose CDR data to an accredited party;
• when your consent expires, or when you withdraw or amend your consent;;
• every 90 days for any ongoing consent for data sharing (where you have not interacted with our consent dashboard);
• when you request a correction of your data; or
• in the event of a data breach affecting your CDR data under the Notifiable Data Breach Scheme in the Privacy Act 1988 (Cth).

Complaints process

If you have a question or complaint about how your CDR data is being handled, there are a number of options for contacting us. Please see Contact Us below.

What to include when making a complaint

Please include the following information when submitting your complaint:

• your name;
• your preferred contact details for managing the complaint (phone / email / letter); and,
• the details of your complaint including what you would like us to do to resolve your complaint and any supporting documentation;
• if any additional assistance is required with lodging the complaint.

Complaints process

Once we receive your complaint, we will:

• acknowledge it within 24 hours or one business day and let you know if any further information is needed;
• do everything we reasonably can to fix the problem;
• keep you informed of our progress;
• keep a record of your complaint;
• provide you with contact details of the Complaints Officer handling your complaint.

Tiimely will investigate your complaint and attempt to provide you with a written response to resolve the complaint within fifteen (15) calendar days of receipt of your complaint.

If this timeframe cannot be met, you will receive a ‘final response’ letter within 30 days, informing you of:

• the final outcome of your complaint or dispute; and
• your right to take the complaint or dispute to External Dispute Resolution.

If we cannot provide a final response within thirty (30) days, we will tell you the reason for the delay and when you can expect to hear an outcome and keep you updated on our progress.

Options for redress

There are a range of potential options for resolving a complaint including:

• an explanation of the circumstances giving rise to the complaint;
• an apology;
• provision of assistance and support;
• a payment of compensation;
• correcting incorrect or out-of-date records; or
• undertaking to set in place improvements to systems, procedures or products.

External dispute resolution

Tiimely does not provide an internal review process for complaint responses. However, if you are not satisfied with our response, you may lodge a dispute with the Australian Financial Complaints Authority (AFCA). AFCA is a free and independent complaint resolution service.

• Website:
• Email: info@afca.org.au
• Phone: 1800 931 678 (Free call)
• Address: GPO Box 3, Melbourne, VIC, 3001

You can also contact the Office of the Information Commissioner about CDR or privacy related complaints:

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Address: GPO Box 5288, Sydney NSW 2001

Contact Us

Our website tiimelyhome.com.au/lets-talk outlines the ways you can get in touch with us including:

• By phone on 1300 842 405
• By contacting our Customer Feedback team via email hello@tiimelyhome.com.au
• Through our chat at tiimelyhome.com.au

Availability of policy

This policy is available electronically via our websites:

Consumer data right

Consumer Data Right Policy

A hardcopy of this policy can be obtained by emailing hello@tiimelyhome.com.au

Policy version

This is version 1.3 of the Tiimely CDR Policy (December 2024).

Tiimely will occasionally update this CDR Policy.You can always find the most current version on our website or alternatively you can ask us to send you a copy.