CDR policy

TALEFIN AUSTRALIA PTY LTD (ABN: 71 632 551 770) is an accredited data recipient under the Australian Consumer Data Right (CDR) legislation. This document articulates how we manage our CDR compliance in accordance with our obligations under the Competition and Consumer (Consumer Data Right) Rules 2020.

Consumer Data Right Policy

1. Overview

The Consumer Data Right (CDR) enables you to securely share your data, held by banks and other financial institutions (CDR Data), with other service providers, with your full knowledge and consent. You remain in control of who holds your CDR Data and how it is used.

TaleFin is an Accredited Data Recipient (ADR) under the CDR framework. This accreditation, granted by the Australian Competition and Consumer Commission (ACCC), authorises TaleFin to receive your data from banks and other financial institutions, but only where you have provided your informed consent.

TaleFin works with approved third parties (Partners) who, with your informed consent, may use your data to provide products and services to you.

TaleFin adheres to strict obligations under the CDR legislation and applicable privacy laws. This CDR Policy explains when and how TaleFin and its Partners collect, use, hold, and disclose your CDR Data in accordance with your consent. It also explains how you can manage your CDR Data and consents, as well as how to raise concerns or lodge complaints.

Please also refer to our Privacy Policy for further information about how TaleFin manages your personal information.

1.1 TaleFin’s Partners

TaleFin’s Partners include:

  • CDR Affiliates – Entities with restricted accreditation under the CDR framework.
  • CDR Representatives – Entities that are not accredited under the CDR framework.

2. Classes of CDR Data

Under the CDR framework, data that may be shared is grouped into defined classes. These classes specify the types of information that TaleFin, as an Accredited Data Recipient, may collect from Accredited Data Holders (ADH) with your consent.

The main classes of CDR Data include:

  • Customer Data – Information that identifies you, such as your name, address, phone number, date of birth, email address, postal address and occupation. We use these to help prevent fraud and identity theft.
  • Account Data – Information about the accounts you hold, such as account names, account numbers, account types, account balances, product category, product types, product name, and account metadata like interest rates or credit limits. We use these to support credit applications and provide functionality to personal finance apps.
  • Transaction Data – Records of transactions on your accounts, including amounts, dates, descriptions, transaction status, and merchant or payee details. We classify these to help with credit applications, and to help your engagement with personal finance apps.

Other categories of CDR Data may be defined under legislation or regulatory guidance over time. TaleFin will update this Policy to reflect any such changes.

3. Collection and Use of CDR Data

3.1 Collection

TaleFin will only collect your CDR Data once you have provided informed consent. This may include:

  • Collecting data directly from your bank or financial institution (Accredited Data Holders) in accordance with your authorisation via an application programming interface (API).
  • Collecting data on behalf of, or at the request of, TaleFin’s Partners where you have provided consent for TaleFin to do so.

3.2 Use

TaleFin and its Partners may use your CDR Data for purposes that you have authorised, which may include:

  • Data Aggregation and Enrichment where your data is aggregated and enhanced to provide a comprehensive overview of your financial position across all your banks.
  • Data Insights where your data is analysed to provide detailed financial insights, including an overview of your income, expenditures, and spending patterns.
  • Assessing your eligibility for financial products and services.
  • Financial Reports where the analysed data and insights are presented in an easy-to-read report.
  • Meeting Compliance and Reporting Obligations where your data may be used to fulfil compliance and reporting requirements under the applicable legislation.

TaleFin and its Partners will use your CDR Data for the purpose agreed and will hold your CDR Data for the period covered by the consent you have provided. CDR Data will never be used for purposes outside the scope of your consent. When we share your CDR Data with Partners, they are required to operate in accordance with CDR controls and privacy protections.

4. Consent Management

You may review, modify, or withdraw any CDR consent you have provided through the relevant Partner application. You can also withdraw your consent by contacting us in writing or via the data holder consent dashboard provided by your bank or other financial institution.

Withdrawing CDR consent will affect our ability to provide you with the Score, and it may also result in our Partner being unable to continue offering their products or services until consent is provided again.

4.1 Management

You can withdraw your consent at any time through the Partner application, and we will stop collecting, using or disclosing your CDR Data for the agreed purpose. If you withdraw consent, TaleFin will no longer collect your CDR Data and will delete or de-identify any previously collected CDR Data in accordance with legislative requirements.

4.2 CDR Data Deletion or De-Identification

TaleFin must adhere, and must ensure that its Partners adhere, to the data minimisation principle. This principle requires that a Partner may only request CDR Data that is necessary for the agreed purpose and may only hold that data for the minimum period required to provide their service.

Once your consent expires, or you withdraw your consent to stop sharing your CDR Data, TaleFin will delete your CDR Data in accordance with your instructions, except where Australian law requires certain data to be retained.

When your CDR consent expires or is withdrawn, TaleFin will automatically and irretrievably destroy or de-identify your CDR Data in accordance with your instructions, as soon as practicable. TaleFin will also notify any Partner with whom your CDR Data has been shared and require them to irretrievably destroy or de-identify your CDR Data.

If you withdraw consent, TaleFin will no longer collect your CDR Data and will delete or de-identify any previously collected CDR Data in accordance with legislative requirements.

4.3 De-identified CDR Data

If you allow TaleFin to use your de-identified CDR data once it is no longer required for its primary purpose, TaleFin may de-identify the data by removing all personal identifying information fields and retaining only the remaining non-identifiable fields.

Once your CDR Data has been fully de-identified, TaleFin may use it for internal operational purposes or to generate de-identified insights. This may include improving the quality of TaleFin’s services and supporting the development of our Score and Segmentation products. These products are designed to provide fair and transparent risk management tools that may be used by our Partners when delivering financial products and services to you.

5. Storage and Security of CDR Data

TaleFin applies strict security measures to protect your CDR Data, including:

  • Secure encryption of data in transit and at rest.
  • Access controls to ensure only authorised personnel can access CDR Data.
  • Regular monitoring and audits to maintain compliance with CDR security standards.

TaleFin and its Partners store CDR data securely within Australia, in compliance with the CDR Rules and the Australian Privacy Principles (APPs) under the Privacy Act.

CDR Data is only retained for as long as necessary to provide the authorised services, after which it will be securely deleted or de-identified in line with regulatory obligations.

6. Complaints Handling

If you have any concerns about the way TaleFin or its Partners have collected, used, or disclosed your CDR Data, you can raise a complaint by contacting us:

TaleFin is obliged to respond to your complaint within 30 days; however, we aim to provide a response within 5 business days. If you are not satisfied with our response, you may escalate your complaint to:

  • The Australian Financial Complaints Authority (AFCA)
      • 1800 931 678
      • GPO Box 3, Melbourne Vic 3000
      • AFCA Membership Number for TaleFin Australia Pty Ltd is 73938
  • The Office of the Australian Information Commissioner (OAIC)
      • 1300 363 992
      • GPO Box 5218, Sydney NSW 2001