Consumer Data Right Policy
When it comes to your personal data, we want you to know you’re always in control.
We take your rights seriously
We’re on a mission to make it easy for you to automatically reduce your impact on the planet. To do this, we analyse your spending habits, so that we can calculate and clean up your emissions.
And because we know trust is everything, we take our commitment to data privacy and security seriously.
That’s why we’ve been accredited by the Australian Competition and Consumer Commission (ACCC) as an organisation capable of securely handling the data our members share to power the Greener solution in line with the rules and safeguards of the Consumer Data Right (CDR) system.
We’ve also partnered with one of the leading open-banking platforms Basiq to ensure your data is securely encrypted using the same technology used by banks like Westpac, NAB and Visa.
It’s important to note, we’ll never ask for:
- Your online or mobile banking password; or
- Details of your account, such as account balances or account numbers.
And we never share your data without your consent.
What is an accredited data recipient?
The Consumer Data Right (CDR) regulates the collection and handling of CDR data in line with privacy safeguards, and rules that ensure your privacy is protected and your data is transferred and managed securely.
✓ More choice and control over how your data is shared
✓ Control what’s shared, what it’s used for and who it can be disclosed to
✓ Manage your consent and withdraw anytime
✓ Request any personal data be deleted
Types of data we use
Your personal data is yours, and we’ll never (ever) sell it or share it unless you ask us to.
Here’s what you can choose to share >>>
- Full name
- Contact details; including address, email and phone number
- Occupation
- Bank account details for any accounts you choose to link to Greener.
- Transaction details, including any direct debits or scheduled payments
How we use this data
With your consent, we use the data you share with us to provide you with personalised solutions to help you shrink your carbon footprint and get to zero.
Here’s how we collect, hold, use and disclose data >>>
- Calculating and displaying your carbon footprint
- Demonstrating the emissions impact of your personal spending
- Calculating the volume of emissions to offset to make your purchase carbon neutral
- Providing personalised recommendations to reduce your emissions
- To communicate with you about Greener services and provide support for our products and services
- De-identified and aggregated reporting for carbon offset invoicing
- De-identified and aggregated reporting for analytics, a and fraud detection and prevention
- To comply with any legal obligations, resolve any disputes and in any other way as required by law.
Your data is held by Greener in a secure and audited environment. Data is only stored in Australia and shared (with your consent) with accredited parties in Australia. We store CDR data in Australia with Microsoft Azure in their Australian East region. CDR Data is always encrypted in transit and at rest including all backups.
In carrying out the purposes listed above, we disclose CDR data to third parties and outsourced service providers as follows. Third parties
- Basiq: we partner with Basiq to collect Transaction Data from your financial institution
- Merchants: we share aggregated and or de-identified data with merchants to help them better provide their products and services to Greener app members
- Experian: we partner with Experian who enrich de-identified Transaction Data with information such as a merchant trading name and ANZSIC code
Outsourced service providers
- Shadowboxer: we partner with digital agency Shadowboxer to design and develop Greener’s digital platform, including the Greener mobile app
If we share your CDR data with any accredited person, we will ensure that we have your consent before we do this.
Our promise to you
You may request access to the CDR data that we hold about you. Where you submit an access request to us we will provide you access to your CDR data in accordance with the CDR access requirements.
If you believe that any CDR data we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you have the right to request the correction of your CDR data. Where you submit a correction request to us we will promptly take steps to correct your CDR data. You can also ask the Data Holder to correct the information.
If you have given us consent to collect and manage your CDR data, you may withdraw your consent at any time. However, if you withdraw your consent, while you may retain access to the Greener mobile application, we may not be able to continue providing some or all of the Greener services to you. If you withdraw your consent, we’ll delete your data if you requested us to do so when you first consented.
We’ll only ask for data that is absolutely necessary and will only hold it for the minimum amount of time it is needed to provide the service. You may request that we delete redundant data that we hold about you. Where you submit a deletion request to us we will promptly respond to your deletion request and take the steps described in the ‘Our deletion and de-identification policy’ section below. We only use your data for the purpose you have agreed to and we will delete it after it has been used for that purpose. When you withdraw your consent, your data is automatically deleted if you requested for it to be deleted at time of consent – otherwise we may instead de-identify it.
You may submit the above requests via the functionality in the mobile application (otherwise known as the consumer dashboard) or by contacting us at the contact details on our website and at the end of this Consumer Data Right Policy. Where we receive a request, we may require that you provide further information so that we can respond to your request. We will respond to your request and let you know the outcome of your request.
You may submit the above requests via the functionality in the mobile application (otherwise known as the consumer dashboard) or by contacting us at the contact details on our website and at the end of this Consumer Data Right Policy. Where we receive a request, we may require that you provide further information so that we can respond to your request. We will respond to your request and let you know the outcome of your request.
Deleting and de-identifying old data
When data is no longer required for any purpose permitted by law it becomes redundant data. We will destroy, delete or de-identify redundant data unless we have a legal obligation to maintain the data, such as for legal reporting purposes or by a court or tribunal order, or if we need or reasonably anticipate that we will need the redundant data for legal or dispute resolution proceedings. Unless you have asked us to delete your redundant data, our general policy is to decide whether to delete, destroy or de-identify redundant data once it becomes redundant.
Where we delete or destroy CDR data we delete it from our storage, we delete all copies of it and if we have disclosed it to any third party we ask them to delete it.
We may also de-identify CDR data which has not become redundant in the process of creating analytics. We use these analytics to inform our product improvement and development. Sometimes we also disclose these analytics to merchants we partner with and to you to provide you with general insights about users of Greener, and for invoicing purposes. We may also share de-identified CDR data with third party fraud prevention tools for the purpose of fraud detection and prevention.
If a service does not require the ongoing use of your de-identified CDR data, you have the option to have it deleted. You can decide this when you first grant consent and any time during the consent lifecycle.
Where we de-identify CDR transaction data, we do this by removing all personally identifiable information within the CDR dataset and any other information that could identify you to individual purchases. Steps include, but are not limited to:
- removing the transaction’s userID (no link to any user ID remains)
- removing the time portion of the transaction date time stamp
- removing the transaction description (identifying any information that might specify the merchant’s location)
The remaining data is now anonymous and unable to be re-identified.
Making a complaint
We’ll always do our best to exceed your expectations, but we know we may not always get it 100% right.
So, if you’re not happy with the way we handle your data for any reason, please get in touch.
Find out more about our Dispute Handling