In this Consumer Data Right Policy “we”, “us”, “our” or “Greener” means Greenr Global Holdings Pty Ltd (ABN 33 615 374 377) Greener offers a new way to pay and is powered by Open Banking. The Consumer Data Right (“CDR”) aims to provide Australian consumers with choice and control over how their data is used and disclosed. The CDR regulates the collection and handling of CDR data. In accordance with our obligations as an accredited data recipient under CDR laws, we set out in this Consumer Data Right Policy information about how we manage your CDR data.
In this Consumer Data Right Policy “we”, “us”, “our” or “Greener” means Greenr Global Holdings Pty Ltd (ABN 33 615 374 377) Greener offers a new way to pay and is powered by Open Banking.
The Consumer Data Right (“CDR”) aims to provide Australian consumers with choice and control over how their data is used and disclosed. The CDR regulates the collection and handling of CDR data. In accordance with our obligations as an accredited data recipient under CDR laws, we set out in this Consumer Data Right Policy information about how we manage your CDR data.
Classes of CDR data
The CDR laws gives you the ability to share your data are with accredited data recipients (which could include financial institutions, banks, and other companies). The object of the CDR is to allow consumers to have greater control of their data, use the data to obtain products or services and have greater transparency on how their data is used.
With your consent, we may collect and hold the following classes of CDR data:
Account balance and details:
Purposes of collection, storage, use and disclosure of CDR data
We collect, hold, use and disclose CDR data for the following purposes:
Your data is held by Greener in a secure and audited environment. Data is only stored in Australia and shared (with your consent) with accredited parties in Australia. We store CDR data in Australia with Microsoft Azure in their Australian East region. CDR Data is always encrypted in transit and at rest including all backups.
Disclosure of CDR data
In carrying out the purposes listed above, we disclose CDR data to third parties and outsourced service providers as follows:
Outsourced service providers
If we share your CDR data with any accredited person, we will ensure that we have your consent before we do this.
We will notify you of events in relation to your CDR data as required under the CDR, including as follows:
Your CDR data rights
Access: You may request access to the CDR data that we hold about you. Where you submit an access request to us we will provide you access to your CDR data in accordance with the CDR access requirements.
Correction: If you believe that any CDR data we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you have the right to request the correction of your CDR data. Where you submit a correction request to us we will promptly take steps to correct your CDR data. You can also ask the Data Holder to correct the information.
Withdrawal of consent: If you have given us consent to collect and manage your CDR data, you may withdraw your consent at any time. However, if you withdraw your consent, while you may retain access to the Greener mobile application, we may not be able to continue providing some or all of the Greener services to you. If you withdraw your consent, we’ll delete your data if you requested us to do so when you first consented.
Deletion request: A data recipient can only ask for data that is absolutely necessary and can only hold it for the minimum amount of time it is needed to provide the service. You may request that we delete redundant data that we hold about you. Where you submit a deletion request to us we will promptly respond to your deletion request and take the steps described in the ‘Our deletion and de-identification policy’ section below. We only use your data for the purpose you have agreed to and we will delete it after it has been used for that purpose. When you withdraw your consent, your data is automatically deleted if you requested for it to be deleted at time of consent – otherwise we may instead deidentify it.
Submitting requests: You may submit the above requests via the functionality in the mobile application (otherwise known as the consumer dashboard) or by contacting us at the contact details on our website and at the end of this Consumer Data Right Policy. Where we receive a request, we may require that you provide further information so that we can respond to your request. We will respond to your request and let you know the outcome of your request.
Our deletion and de-identification policy
Redundant data: When CDR data is no longer required for any purpose permitted by law it becomes redundant data. We will destroy, delete or de-identify redundant data unless we have a legal obligation to maintain the data, such as for legal reporting purposes or by a court or tribunal order, or if we need or reasonably anticipate that we will need the redundant data for legal or dispute resolution proceedings. Unless you have asked us to delete your redundant data, our general policy is to decide whether to delete, destroy or de-identify redundant data once it becomes redundant.
Deletion process: Where we delete or destroy CDR data we delete it from our storage, we delete all copies of it and if we have disclosed it to any third party we ask them to delete it.
De-identification process: Where we de-identify CDR transaction data, we do this by removing all personally identifiable information within the CDR dataset and any other information that could identify you to individual purchases. Steps include, but are not limited to:
The remaining data is now anonymous and unable to be re-identified.
De-identification: We may also de-identify CDR data which has not become redundant in the process of creating analytics. We use these analytics to inform our product improvement and development. Sometimes we also disclose these analytics to merchants we partner with and to you to provide you with general insights about users of Greener, and for invoicing purposes. We may also share de-identified CDR data with third party fraud prevention tools for the purpose of fraud detection and prevention.
If a service does not require the ongoing use of your de-identified CDR data, you have the option to have it deleted. You can decide this when you first grant consent and any time during the consent lifecycle.
If you wish to make a complaint, please contact us at any time using the contact details below and provide us with your name, your contact details, your preferred contact method and full details of your complaint. We will aim to send an acknowledgement of your complaint within 2 business days of receiving your complaint.
We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. We aim to provide a full response within 14 days but sometimes this may take longer. If there is a delay, we will let you know and explain why. Within 14 days of your complaint (unless there is a delay) we will provide a final response letter confirming the final outcome of your complaint and your right to lodge a complaint with:
Australian Financial Complaints Authority (AFCA):
Phone: 1800 931 678 (free call)
Mail: Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001
Office of the Australian Information Commissioner (OAIC):
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
We may from time to time update this Consumer Data Right Policy by publishing the updated version on our website. We recommend you check our website regularly to ensure you are aware of our current Consumer Data Right Policy. You can also always ask us to provide a copy electronically or in hard copy.
For any questions or notices, please contact Neil McVeigh at:
Greenr Global Holdings Pty Ltd (ABN 33 615 374 377)
Address: 11 York Street, Sydney, New South Wales 2000, Australia
Last update: 5 July 2022