About The Consumer Data Right
The Consumer Data Right (CDR) enables you to share certain banking data with accredited persons, such as another bank or organisation. As the banking sector is the first to adopt the CDR, ‘Open Banking’ is the CDR’s first phase. The energy sector and other sectors will follow.
Giving you control of your data
Open Banking is intended to give you greater access and control over banking data and allow you to share that data safely, efficiently and conveniently with accredited organisations (also known as Accredited Data Recipients or "ADRs").
The CDR only applies in relation to certain types of product and banking data at present. From 1 July 2021, you can request Judo to share certain data relating to your Term Deposit account(s), such as balances, rates and transaction data. You will be able to request to share certain data about all other Judo products by March 2023. Refer to the timeline below for more details.
Judo Bank data holder
As a “data holder” Judo shares your banking data free of charge with other third parties, as long as they are an Accredited Data Recipient (ADR) and you have given appropriate consent to such sharing or unless otherwise required by law.
You can choose the information you want to share and how long you want to share the data for (e.g. just once or for 3 months, 6 months or up to 12 months)
We'll share CDR data as required by CDR laws and will not share any other kind of data.
Sharing my data
An eligible Judo customer can share their data with an ADR, such as a budgeting app or internet banking app, once they authorise us to do so.
You are eligible to share your banking data if you:
- Are over 18
- Have a Judo product that is accessible online (refer to timeline below)
- Have a valid mobile phone number connected to your Judo account (required to authenticate with a one-time-password. We will never ask for your internet banking password)
How do I share my data?
- In your ADR app or website, select what banking data you would like to share
- Select the period of time you would like to share your data for (e.g. once or over a period of time. Cannot be more than 12 months)
- Select "Judo Bank" to commence the data sharing consent process
- You will be prompted to enter your Judo login credentials and then verify who you are using a One-Time-Password (OTP). You will never be asked for your internet banking password.
- Next, you will see Judo screens where you can select the entity and accounts you would like to share data from
- Confirming the data being shared, you will then be returned to the ADR app or website you have elected to share data with
When data will be available
You can view, manage or revoke your data sharing consents at any time. The data sharing agreement you have with each ADR, governs how your CDR data is deleted or de-identified after your sharing consent is revoked.
Open Banking FAQs
Q: Who can share their data?
Currently, only individuals (single-person) and joint account holders who are 18 years or older with an online account can share their data. In future partnerships, corporate trustees and companies will also be able to share their data. Refer to the timeline above.
For joint accounts, an account holder can share data without approval of the other party. All account holders will be notified that data sharing has commenced and have the right to revoke also.
If data sharing has been revoked and an account holder wishes to re-consent, all parties will need to approve this sharing request. Once approved, account holders can then consent to share again without the approval of other parties.
Q: How do I view and manage who I am sharing data with?
You can view and manage your data sharing on the accredited third-party app you are using the data with or via the Judo Open Banking Dashboard.
On your Judo Open Banking Dashboard, you will see a list of all the ADRs you are sharing data with now and in the past. You will be able to view their details, the data being shared and when your authorisation will expire or has expired. You also are able to immediately stop sharing data with any ADR by pressing the “Stop sharing” button on the details screen for any currently active sharing arrangement.
If you are having issues accessing your dashboard, please contact us on 13 58 36 or fill out a contact form on our website so we can get in touch with you. We will aim to action your request within 2 business days of notification.
Q: My data doesn't look correct. What do I do?
- acknowledge receipt of your request as soon as practicable
- correct the data (to the extent we can) within 10 business days of your request, free of charge
- notify you as to how we responded to your request or, if it was not considered appropriate to correct the data, tell you why a correction is unnecessary or inappropriate and advise you of our complaint mechanisms
If we are made aware of any inaccurate, out of date or incomplete CDR data we will advise you as soon as is practicable, or at least within 5 business days, by email of the data inaccuracy, including the following details:
- The error in the CDR data
- The ADR(s) who received the incorrect CDR data
- The date of disclosure
- That Judo will disclose the corrected CDR data (at no charge) to the ADR if requested by you
- Our complaint mechanisms
Q: My issue has not been addressed. How do I make an enquiry or complaint?
You can register a complaint directly with Judo’s Complaints Officer in the first instance.
- Phone: 13 58 36
Mail: Complaints Officer c/o: Judo Bank Pty Ltd, Level 3, 40 City Road, Southbank VIC 3006
Judo will follow these steps to address and manage your complaint:
- (a) make a record of your complaint;
- (b) within one Business Day of receiving a complaint, acknowledge your complaint in writing; and
- (C) within 30 calendar days of receiving a complaint, investigate the complaint and provide a response to you in writing.
In order to deal with your complaint, we may require certain information from you including your name, contact details, details of your product and a description of your complaint. We will aim to resolve your complaint as soon as possible and, in any case, within the above timeframes, free of charge.
External dispute resolution
If you are not satisfied with how a complaint has been handled, you can lodge a complaint directly with either:
(a) the Office of the Australian Information Commissioner (OAIC), if your complaint is about the handling of your CDR data; or
(b) the Australian Financial Complaints Authority (AFCA), of which Judo Bank is a member, our external dispute resolution scheme.
Time limits to make a complaint to AFCA apply.
Q: I’m a developer looking for Judo Product Reference Data. Where can I get this information?
The Application Programming Interface (API) is for developers to access publicly available product data from Judo to facilitate services such as market-wide product comparisons.
The CDR Product Reference Data API root is available at: https://public.open.judo.bank/
The data is disclosed, in machine-readable form in accordance with the Consumer Data Standards.
Important note - sharing this data through the CDR open banking API is limited to products and their availability noted on the timeline above.
Q: What are my Judo login credentials?
You will need to provide your Judo login credentials to receive the one-time password (OTP) as part of the Open Banking consent process. Your Judo login credentials will be the email address linked to your Judo account, your date of birth and your mobile phone number. If you are unable to provide these credentials or are unsure of them, please call 13 58 36) for assistance.
Q: How safe is Open Banking?
Your privacy is our priority. We understand that giving third party access to your banking data may seem a little daunting. Rest assured, Open Banking has privacy protections in place that will ensure your data is shared safely and securely. The privacy protections include:
- You choose if you want to participate and who you share your data with
- Only third parties that are accredited by the ACCC can seek permission to access your data
- You can manage which data you share and cancel sharing at any time
- You can ask for your data to be deleted by the third party
- You can authorise third parties to access your data for a nominated time, up to 12 months
- After 12 months, third party access to your data will automatically expire. This means they will not have *access to your data for an indefinite amount of time
No Question's Found!
This policy outlines how Judo Bank Pty Ltd ACN 615 995 581, ACL and AFSL 501091 (Judo, we, us or our) manages certain data under the CDR regime in our capacity as a ‘Data Holder’ under that regime. Broadly, it describes how you may seek access to, or disclosure of, your ‘CDR data’, how you may correct any CDR data we hold about you and our complaints handling process.
For an electronic copy of this CDR Policy click here.