Greener Consumer Data Right Policy

In this Consumer Data Right Policy “we”, “us”, “our” or “Greener” means Greenr Global Holdings Pty Ltd (ABN 33 615 374 377) Greener offers a new way to pay and is powered by Open Banking. The Consumer Data Right (“CDR”) aims to provide Australian consumers with choice and control over how their data is used and disclosed. The CDR regulates the collection and handling of CDR data. In accordance with our obligations as an accredited data recipient under the CDR laws, we set out in this Consumer Data Right Policy information about how we manage your CDR data.

In this Consumer Data Right Policy “we”, “us”, “our” or “Greener” means Greenr Global Holdings Pty Ltd (ABN 33 615 374 377) Greener offers a new way to pay and is powered by Open Banking.

The Consumer Data Right (“CDR”) aims to provide Australian consumers with choice and control over how their data is used and disclosed. The CDR regulates the collection and handling of CDR data. In accordance with our obligations as an accredited data recipient under the CDR laws, we set out in this Consumer Data Right Policy information about how we manage your CDR data.

Classes of CDR data

The CDR laws gives you the ability to share your data are with accredited data recipients (which could include financial institutions, banks, and other companies). The object of the CDR is to allow consumers to have greater control of their data, use the data to obtain products or services and have greater transparency on how their data is used.

With your consent, we may collect and hold the following classes of CDR data:

  • Contact information (information about the person using the product):
  • Full name;
  • Contact details, including address, email and mobile phone number; and
  • Occupation.

Account balance and details:

  • Details of any bank account you link to Greener, including its BSB, account number, account name, account balance, discounts, account terms, fees, account mail address and type
  • Transaction data (information about a person’s use of a product):
  • Full transaction history for linked account (including incoming and outgoing transactions, who the transactions are from or to, the dates of the transactions, descriptions of the transactions and the amounts of the transactions);
  • Direct debits and Scheduled Payments
  • Direct debit authorisations; and
  • Scheduled, outgoing payments.

Purposes of collection, storage, use and disclosure of CDR data

We collect, hold, use and disclose CDR data for the following purposes:

  • to provide the Greener services to you, including:
  • calculating and displaying your carbon footprint;
  • demonstrate the environmental impacts of your spending habits; and
  • calculating the volume of carbon offsets and credits to purchase to make certain purchases carbon neutral;
  • providing insights about your transactions and carbon footprint;
  • providing personalised shopping recommendations; and
  • providing suggestions on how to reduce your carbon footprint.
  • to contact and communicate with you about the Greener services, including to provide you support for the Greener services;
  • for our internal record keeping, reporting and administrative purposes;
  • in a de-identified or aggregated form for invoicing our merchant partners;
  • in a de-identified or aggregated form for analytics and fraud detection and prevention (as further described below in the ‘Our deletion and de-identification policy’ section);
  • to comply with our legal obligations and resolve any disputes that we may have; and
  • if otherwise required or authorised by law.

Your data is held by Greener in a secure and audited environment. Data is only stored in Australia and shared (with your consent) with accredited parties in Australia. We store CDR data in Australia with Microsoft Azure in their Australian East region. CDR Data is always encrypted in transit and at rest including all backups.

Disclosure of CDR data

In carrying out the purposes listed above, we disclose CDR data to third parties and outsourced service providers as follows:

Third parties

  • Basiq: we partner with Basiq to collect Transaction Data from your financial institution
  • Merchants: we share aggregated and or de-identified data with merchants to help them better provide their products and services to Greener app members

Outsourced service providers

  • Shadowboxer: we partner with digital agency Shadowboxer to design and develop Greener’s digital platform, including the Greener mobile app

If we share your CDR data with any accredited person, we will ensure that we have your consent before we do this.

Notifications

We will notify you of events in relation to your CDR data as required under the CDR, including as follows:

  • when you give us consent to collect and use your CDR data;
  • when we need to check in with you to let you know your consent is still current;
  • when you withdraw your consent;
  • at the time of the collection of your CDR data;
  • when we respond to your correction request; and
  • there is an eligible data breach which affects you under the Notifiable Data Breaches Scheme.

Your CDR data rights

Access: You may request access to the CDR data that we hold about you. Where you submit an access request to us we will provide you access to your CDR data in accordance with the CDR access requirements.

Correction: If you believe that any CDR data we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you have the right to request the correction of your CDR data. Where you submit a correction request to us we will promptly take steps to correct your CDR data. You can also ask the Data Holder to correct the information.

Withdrawal of consent: If you have given us consent to collect and manage your CDR data, you may withdraw your consent at any time. However, if you withdraw your consent, while you may retain access to the Greener mobile application, we may not be able to continue providing some or all of the Greener services to you. If you withdraw your consent, we’ll delete your data if you requested us to do so when you first consented.

Deletion request: A data recipient can only ask for data that is absolutely necessary and can only hold it for the minimum amount of time it is needed to provide the service. You may request that we delete redundant data that we hold about you. Where you submit a deletion request to us we will promptly respond to your deletion request and take the steps described in the ‘Our deletion and de-identification policy’ section below. We only use your data for the purpose you have agreed to and we will delete it after it has been used for that purpose. When you withdraw your consent, your data is automatically deleted if you requested for it to be deleted at time of consent – otherwise we may instead deidentify it.

Submitting requests: You may submit the above requests via the functionality in the mobile application (otherwise known as the consumer dashboard) or by contacting us at the contact details on our website and at the end of this Consumer Data Right Policy. Where we receive a request, we may require that you provide further information so that we can respond to your request. We will respond to your request and let you know the outcome of your request.

Our deletion and de-identification policy

Redundant data: When CDR data is no longer required for any purpose permitted by law it becomes redundant data. We will destroy, delete or de-identify redundant data unless we have a legal obligation to maintain the data, such as for legal reporting purposes or by a court or tribunal order, or if we need or reasonably anticipate that we will need the redundant data for legal or dispute resolution proceedings. Unless you have asked us to delete your redundant data, our general policy is to decide whether to delete, destroy or de-identify redundant data once it becomes redundant.

Deletion process: Where we delete or destroy CDR data we delete it from our storage, we delete all copies of it and if we have disclosed it to any third party we ask them to delete it.

De-identification process: Where we de-identify CDR transaction data, we do this by removing all personally identifiable information within the CDR dataset and any other information that could identify you to individual purchases. Steps include, but are not limited to:

  • removing the transaction’s userID (no link to any user ID remains)
  • removing the time portion of the transaction date time stamp
  • removing the transaction description (identifying any information that might specify the merchant’s location)

The remaining data is now anonymous and unable to be re-identified.

De-identification: We may also de-identify CDR data which has not become redundant in the process of creating analytics. We use these analytics to inform our product improvement and development. Sometimes we also disclose these analytics to merchants we partner with and to you to provide you with general insights about users of Greener, and for invoicing purposes. We may also share de-identified CDR data with third party fraud prevention tools for the purpose of fraud detection and prevention.

If a service does not require the ongoing use of your de-identified CDR data, you have the option to have it deleted. You can decide this when you first grant consent and any time during the consent lifecycle.

Complaints

If you wish to make a complaint, please contact us at any time using the contact details below and provide us with your name, your contact details, your preferred contact method and full details of your complaint. We will aim to send an acknowledgement of your complaint within 2 business days of receiving your complaint.

We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. We aim to provide a full response within 14 days but sometimes this may take longer. If there is a delay, we will let you know and explain why. Within 14 days of your complaint (unless there is a delay) we will provide a final response letter confirming the final outcome of your complaint and your right to lodge a complaint with:

Australian Financial Complaints Authority (AFCA):

Online: http://www.afca.org.au

Email: info@afca.org.au

Phone: 1800 931 678 (free call)

Mail: Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001

and

Office of the Australian Information Commissioner (OAIC):

GPO Box 5218

Sydney NSW 2001

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Amendments

We may from time to time update this Consumer Data Right Policy by publishing the updated version on our website. We recommend you check our website regularly to ensure you are aware of our current Consumer Data Right Policy. You can also always ask us to provide a copy electronically or in hard copy.

For any questions or notices, please contact Neil McVeigh at:

Greenr Global Holdings Pty Ltd (ABN 33 615 374 377)

Address: 11 York Street, Sydney, New South Wales 2000, Australia

Email: neil@getgreener.com

Last update: 5 July 2022