Consumer Data Right Policy

Consumer Data Right Policy #

Last Updated: April 04, 2023

See What’s Changed

About CDR

The Consumer Data Right (CDR) is an economy-wide regime that gives consumers access to and control over their data (CDR data). The regime also enables consumers to obtain products and services from accredited persons using CDR data.

CDR is jointly regulated by the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC). The legislative framework includes the Competition and Consumer Act 2010 and the Competition and Consumer (Consumer Data Right) Rules 2020.

About this Policy

All Data Holders and Data Recipients are required to provide a consumer-facing CDR Policy. As a Data Recipient Biza provides this CDR Policy to you as a consumer free of charge. It is made publicly available on our website and referenced within Biza’s ADR software application(s) and associated consumer dashboard. If you would like to receive an electronic or hard copy of this policy, let us know via Biza - Get in touch or email [email protected].

Data sharing consent

If you provide consent for Biza to collect your data we’ll only use it for the purpose you agreed to. If we do collect and store any of your CDR data, we will delete it after it has served the stated purpose (redundant data). We do not use CDR data for any general research purposes. We will only retain your data beyond the stated purpose if we are required to do so under Australian law and in any event your data will not leave Australia.

Collecting your CDR Data

The types of data Biza may request you to share will vary depending on the service(s) we are offering. We will always clearly explain which types of data we need and why we require it before asking you to share any of your data. You may withdraw your consent at any time although this action may affect our ability to provide our service to you.

Biza adheres to the data minimisation principle, we only collect data necessary to provide a specified product or service to you. As an unrestricted Accredited Data Recipient, Biza operates within all designated CDR sectors and is therefore permitted to collect any of the following types of data having first secured appropriate consumer consent.

  • Banking Data
    • Account balance and details
      • Name of account
      • Type of account
      • Account balance
      • Account number
      • Interest rates
      • Fees
      • Discounts
      • Account terms
      • Account mail address
    • Transaction details
      • Incoming and outgoing transactions
      • Amounts
      • Dates
      • Descriptions of transactions
      • Who you have sent money to and received money from
    • Name, occupation, contact details
      • Name
      • Occupation
      • Phone
      • Email address
      • Mail address
      • Residential address
    • Organisation profile and contact details
      • Agent name and role
      • Organisation name
      • Organisation numbers (ABN or ACN)
      • Charity status
      • Establishment date
      • Industry
      • Organisation type
      • Country of registration
      • Organisation address
      • Mail address
      • Phone number
    • Direct debits and scheduled payments
      • Direct debits
      • Scheduled payments
    • Saved payees
      • Names and details of accounts you have saved
  • Energy Data
    • Account and plan details
      • Account and plan information
      • Account type
      • Fees, features, rates and discounts
      • Additional account users
    • Concessions and assistance
      • Concession type
      • Concession information
    • Payment preferences
      • Payment and billing frequency
      • Any scheduled payment details
    • Billing payments and history
      • Account balance
      • Payment method
      • Payment status
      • Charges, discounts, credits
      • Billing date
      • Usage for billing period
      • Payment date
      • Invoice number
    • Electricity connection and meter
      • National Meter Identifier (NMI)
      • Supply address
      • Customer type
      • Connection point details
      • Meter details
      • Associated service providers
    • Energy generation and storage
      • Generation information
      • Generation or storage device type
      • Device characteristics
      • Devices that can operate without the grid
      • Energy conversion information
    • Energy usage
      • Usage
      • Meter details

Control of your data

You are in control of your data at all times. You may withdraw consent for us to collect and use your data at any time through the Biza consent dashboard, through data holder dashboard(s), or in writing to your Data Holder(s) or directly to us.

Biza does not use any outsourced service providers and we will not sell your data to anyone. We will not provide your data to any third party without telling you first and asking your permission.

We will notify you when you provide consent, or when you amend or withdraw that consent. We will also notify you if more than 90 days have passed since you last interacted with us and you have ongoing active consents.

Correcting or Deleting your Data

If any of your CDR data is wrong, you have the right to ask us to correct it. If Biza has incorrectly collected or provided your data, let us know and we’ll do our best to fix it right away. If the data was incorrectly provided by your bank or energy company you can ask them to correct it for you. Once they’ve done this, we can collect it again for you.

We won’t charge you any fees for collecting your data.

You can withdraw your consent at any time either using Biza’s CDR Dashboard, or by using a similar dashboard at your Bank or Energy provider. Once your consent expires or is withdrawn, or if you ask us to, we will immediately delete any of your CDR data we might hold in our systems - unless we’re required to retain it under Australian law.

Making a complaint

Concerns or complaints about how your data is handled by Biza may be made at any time via email [email protected].

In order to investigate and provide a response to you we will need your name, contact information and details of the complaint.

We will acknowledge your complaint within 1 business day and aim to resolve it within 5 business days.

Depending on the nature of the complaint and our joint availability to discuss the matter, this process may take longer. If the complaint has not been resolved within 14 days, we will inform you that we need more time to investigate and provide an expected outcome date.

We will notify you of the final outcome of your complaint within 30 days. At this time we will also provide information to you about your right to access an external dispute resolution service and to lodge a complaint with the Australian Financial Complaints Authority (AFCA) or the The Office of the Australian Information Commissioner (OAIC) should you wish to do so.

The Australian Financial Complaints Authority:

GPO Box 3

Melbourne, VIC 3001

Phone: 1800 931 678

Email: [email protected]

Online: www.afca.org.au

The Office of the Australian Information Commissioner (OAIC):

GPO Box 5218

Sydney NSW 2001

Phone: 1300 363 992

Email: [email protected]

Online: http://www.oaic.gov.au