The RBA increased the cash rate by 0.25% p.a. on 6 June 2023. We’re reviewing our rates and will have an update soon. Learn more

Consumer Data Right Policy

Describes the data available for you to share, how to share your data, what we do with the data we collect, and how to make a complaint.

by 

At a glance

This policy describes what data will be available for you to share, how to share your Unloan data, what we do with the data we collect, and how to make a complaint.

To save a copy of this policy, use the print function of your browser. If you’d like a PDF copy, please email [email protected]. We will send this to you free of charge.

About us

The CommBank Group provides a wide range of banking and financial services. For more information about the Group, including a complete list of Group members, see CommBank's latest Annual Report, available at commbank.com.au/shareholders.  Unloan is a division of CommBank offering mortgage lending products.

This Consumer Data Right Policy only applies to Unloan, a division of the Commonwealth Bank of Australia.

In this policy:

  • Unloan, we, us or our means Unloan, a division of the Commonwealth Bank of Australia.
  • CommBank means the Commonwealth Bank of Australia.

About the Consumer Data Right (CDR)

The Consumer Data Right (CDR) was introduced by the Federal Government to provide customers with rights to access specified data that relates to them (CDR data) held by organisations (data holders).  It allows customers to authorise the sharing of CDR data to organisations accredited by the ACCC under the Consumer Data Right (accredited data recipients), as well as providers collecting CDR data from, or on behalf of, an accredited recipient. In this policy, both are referred to as an accredited data recipient.

What does this mean?

  • Where Unloan holds CDR data about you, you can ask us to share that data with other accredited data recipients. In the policy, we refer to this data as your Unloan CDR data.
  • Where a third party holds CDR data about you, you can consent for us to collect your data from the third party, so we can provide you with a product, service or feature. In this policy, we refer to this data as your external CDR data.

CDR is jointly regulated by the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC). The legislative framework includes the Competition and Consumer Act 2010 and the Competition and Consumer (Consumer Data Right) Rules 2020 (CDR legislation).

About this policy

This policy describes your rights under the CDR legislation.

If you want to know more about how we handle your personal information at Unloan, see our Privacy Policy at unloan.com.au/privacy

Sometimes we update our CDR policy. You can always find the most up-to-date version on our website, and you can ask us to send you a copy of the latest version.

Your privacy and security

Your privacy and the security of your information is important to us. We protect your information and aim to be clear and open about what we do with it. We adhere to relevant security and privacy regulatory requirements, and maintain appropriate controls and capabilities to keep your information safe.

What data will be available under the CDR?

As a data holder under the CDR legislation, we are required to make available specific sets of data for sharing. Examples of the types of CDR data we may collect include customer information, product use information and information about a product, such as:

  • Name, occupation and contact details
  • Account balance and features of products you have with us
  • Transaction details
  • Direct debits and scheduled payments
  • Saved payees
  • Information about our products and services

We’ll only share data as required under the CDR legislation (required consumer data).

We share your Unloan CDR data only with your consent and we don’t charge a fee for sharing your data.

There are two types of CDR data you can share:

  • Sharing your Unloan CDR data
  • Sharing your external CDR data with Unloan.

Sharing your Unloan CDR data

You can choose to share your Unloan CDR data with an accredited data recipient so they can provide you with a product or service (like a budgeting tool).

How does this work?

  • You need to give your consent to the accredited data recipient to collect your Unloan CDR data (on their site or app), then they’ll redirect you to Unloan.
  • We’ll need to identify you first. We’ll ask you to enter the email address you’ve registered with us and then we’ll send you a One Time Password to log into the Unloan site.
  • We’ll remind you what Unloan CDR data will be collected by the accredited data recipient and ask you to choose which accounts you’d like to share with them.
  • You’ll be asked to authorise us to share your Unloan CDR data with the accredited data recipient for a period of time of no more than 12 months.

Important things to note:

  • We'll never ask you to share your Unloan login details or passwords with a third party.
  • Only accredited data recipients you authorise are able to access data under the CDR legislation. To learn more about accreditation, go to cdr.gov.au.
  • To share your Unloan CDR data you'll need to be at least 18 years old and have an individual or joint account.

Sharing data from a joint account

A joint account is automatically enabled for data sharing. This means that any joint account holder is able to set up a data sharing arrangement with an accredited organisation without further approval. Without a data sharing arrangement in place, Unloan will not share data from the joint account (even if it's enabled for data sharing). Any account holder can stop sharing data from the joint account at any time.  

For accounts that are enabled, any account holder can disable the joint account from data sharing. When the account is disabled, an account holder won’t be able to set up new data sharing arrangements and any active data sharing arrangements will be paused. If the account is disabled and you want to re-enable it for data sharing, all account holders must agree and approve the request.

To enable or disable a joint account for sharing, log into the Unloan App and go to Settings, Manage Data Sharing, Data Sharing Preferences, and then Joint Accounts.

Manage your data sharing

You can log on to the Unloan App and go to Settings and then Manage Data Sharing to:

  • View your data sharing
  • Manage your data sharing
  • Stop data sharing
  • Remove your account from a data share set up by someone else

How to correct your Unloan CDR data

If any of your Unloan CDR data is incorrect, contact your Unloan lender or email us at [email protected] to ask us to correct it.

Within 10 business days, we’ll let you know in writing whether we corrected your Unloan CDR data or if we found it to be accurate, up to date, complete, and not misleading.  We may instead provide you with a notice of why we thought a correction was unnecessary or inappropriate.  There are no fees for this service.  

You can see your latest data sharing details anytime by going to Settings and then Manage Data Sharing.

If we identify that we shared incorrect Unloan CDR data with an accredited data recipient, we’ll let you know within 5 days.  We’ll also tell you who we shared the incorrect data with, the date it was shared, and how to ask us to share the corrected Unloan CDR data.

You also have the right to access and correct personal information Unloan holds about you.  Refer to our Privacy Policy for more information at Unloan.com.au/privacy

Reporting an issue

If you’d like to raise an issue or complaint, check out the How we deal with complaints section below.

Our outsourced service providers

So that we can deliver better products, services and features to you, we use services from third parties called "outsourced service providers" (OSPs).

We only use OSPs who have entered into written agreements with us and who have data centres located in Australia. They are not permitted to share or sell any CDR data they collect. They will delete your CDR data (and any data that is derived from your CDR data) once your consent expires or you withdraw your consent (unless they're legally required or permitted to keep it).

Below is a list of our OSPs, including the sort of CDR data we disclose to them, the services they provide us and whether they are accredited:

  • Yodlee is an accredited data recipient. We use Yodlee to help us collect CDR data from data holders and manage CDR consents. This means that with your permission, Yodlee may collect customer information, product use information and information about a product on our behalf.  Yodlee deletes your CDR data as required and doesn’t use it for any other purpose.
  • Tiimely is an accredited data recipient. We use Tiimely to help us categorise CDR data, so that we can verify and assess your financial position when you apply for an Unloan product, including assessing your ability to service financial products. In providing these services, Tiimely may collect customer information, product use information, and information about a product on our behalf. Tiimely deletes your CDR data as required and doesn’t use it for any other purpose.
  • Biza is an accredited data recipient.  We use Biza to connect with CDR participants to share Unloan CDR data.  Biza may collect Unloan customer information, product use information, and information about a product on our behalf in order to share it with your chosen recipient, and doesn’t use it for any other purpose. Biza doesn’t store any Unloan CDR data and has no access to your CDR data when you stop sharing.

Sharing your CDR data with Unloan

Unloan is a division and a brand of CommBank and operates under CommBank's CDR accreditation with the ACCC. You can consent to share your external CDR data with us. You don't have to share data with us, and we'll always tell you the specific purpose we're asking to collect and use your data when we ask for your consent.

What data we collect and why

Unloan may collect, hold and use your data to assess your financial position for any loan applications you may submit and to facilitate funding your loan account if your application is successful. We may ask for your data, including account balances, transaction, and details of products you have with other banks.

This data may also be collected and held by another entity that holds it on our behalf (for example our outsourced service providers).

Over time, we may introduce more services or features that use data from other organisations. If so, we'll update this policy with the new information.

Deleting data we've collected

You can ask us to stop collecting and using your external CDR data any time in the Unloan App by going to Settings and then Connected Banks. You can also do this on your data holder's website or app.

If you ask us to stop collecting and using your external CDR data, or if your consent expires, we'll delete the data we collected (and any data derived from it, including by our OSPs) to the extend reasonably practicable, unless we're legally required to keep it. Once our legal retention period expires, any retainedCDR data will be deleted. You do not newd to tell us to delete your CDR data and it will be deleted to the extent that it's irretrievably destroyed. Remember, if you withdraw your consent, it will affect the service or feature we've offered you, as we won't be able to use your external CDR data.

How we manage your data

Unloan does not collect or store your external CDR data directly - we do so using our OSPs. When our OSPs collect your external CDR data, they encrypt it and store it securely in Australia, separate from other data. This ensures your data can only be used for the purpose for which you consented.

We don't share your external CDR data with other parties (including those based overseas).

How to correct your Unloan CDR data

If any of your external CDR data is incorrect, contact your Unloan lender or email us at [email protected] to ask us to investigate the issue.

Within 10 business days, we'll let you know in writing whether we corrected your Unloan CDR data or if we found it to be accurate, up to date, complete and not misleading. We may instead provide you with a notice of why we thought a correction was unnecessary or inappropriate. There are no fees for this service.

You can see your latest external CDR data sharing details anytime in the Unloan App by going to Settings and then Manage Data Sharing.

If we identify that we shared incorrect Unloan CDR data with an accredited data recipient, we'll let you know within 5 business days. We'll also tell you who we shared the incorrect data with, the date it was shared, and how to ask us to share the corrected Unloan CDR data.

You also have the right to access and correct personal information Unloan holds about you. Refer to our Privacy Policy for more information at unloan.com.au/privacy.

For your external CDR data, we do our. best to keep it it up to date by collecting it regularly. Although we're unable to control its accuracy, we'll investigate your issue, but may refer you to the data holder so you can ask them to correct your data. If they correct your data and make it available for us to collect, we'll update it if your consent is still current.

When we notify you

We’ll notify you

  • when you set up or stop data sharing, and when your data sharing agreement expires (where required).
  • every 90 days if you're sharing your external CDR data with us.
  • in the event of an eligible data breach affecting your CDR data under the Notifiable Data Breach Scheme in the Privacy Act 1988 (Cth).
  • if you request we correct your CDR data.
  • if our CDR accreditation is surrendered, suspended or revoked.

Joint account holders can manage some notifications they receive about data sharing activity by logging on to the Unloan App and going to Settings, Manage Data Sharing, Data Sharing Preferences, and then Notification Settings.  

How we deal with complaints

We want to make things right.  If there’s a problem with how we handle your CDR data, it’s important we hear about it so we can make it right.  

You can tell us what's wrong by emailing us at [email protected] or by calling 1300 630 000.

We will take your complaint seriously, work with you to address your complaint, and try to find a solution that's fair and reasonable.

Please tell us:

  • Your name and your preferred contact details (you can make an anonymous complaint if you would prefer).
  • What your complaint is about, including the way we've handled your CDR data, what went wrong and what you'd like us to do.
  • Any supporting documentation.

What happens after you make a complaint

  1. We’ll let you know we’ve received your complaint (generally by the next business day).
  2. We’ll assess the information we have and investigate the issue.
  3. We’ll work with you to find a fair outcome. The outcome will depend on the nature of the issue or complaint and could include provision of assistance and support or correction of data.
  4. If we're unable to do this within 30 days, we'll tell you the reason for the delay, give you a date you can expect to hear an outcome, and continue to update you on our progress.

If you're unhappy with the resolution

You can lodge a dispute with the Australian Financial Complaints Authority (AFCA). They provide a fair and independent, free complaint resolution service:

Website: www.afca.org.au

Email: [email protected]

Phone: 1800 931 678 (free call)

Address: GPO Box 3, Melbourne VIC 3001

If your complaint is about your privacy or how we handle your CDR data, you can also contact The Office of the Australian Information Commissioner:

Website: www.oaic.gov.au

Phone: 1300 363 992

Address: GPO Box 5218, Sydney NSW 2001

To learn more, see our complaints process at unloan.com.au/complaints-policy

We’re here to help

If you have a question about our CDR Policy or need help, email us at [email protected] and we’ll be happy to help.

A home loan you can love

Low rates, with a discount that gets better and better.

No fees from us

No application fees, no account-keeping fees, no annual fees.

Apply in minutes

Switch to Unloan today.

Built by CommBank

Unloan is a digital home loan, built by Australia's leading bank.