About The Consumer Data Right
The Consumer Data Right (CDR) enables you to share certain banking data with accredited persons, such as another bank or organisation. As the banking sector is the first to adopt the CDR, ‘Open Banking’ is the CDR’s first phase. The energy sector and other sectors will follow.
Giving you control of your data
Open Banking is intended to give you greater access and control over banking data and allow you to share that data safely, efficiently and conveniently with accredited organisations (also known as Accredited Data Recipients or "ADRs").
The CDR only applies in relation to certain types of product and banking data at present. From 1 July 2021, you can request Judo to share certain data relating to your Term Deposit account(s), such as balances, rates and transaction data. You will be able to request to share certain data about all other Judo products by November 2022. Refer to the timeline below for more details.
Types of CDR Data
We share the following types of CDR data:
You can choose the information you want to share and how long you want to share the data for (e.g. just once or for 3 months, 6 months or up to 12 months)
We'll share CDR data as required by CDR laws and will not share any other kind of data.
Sharing my data
An eligible Judo customer can share their data with an ADR, such as a budgeting app or internet banking app, once they authorise us to do so.
You are eligible to share your banking data if you:
- Are over 18
- Have a Judo product that is accessible online (refer to timeline below)
- Have a valid mobile phone number connected to your Judo account (required to authenticate with a one-time-password. We will never ask for your internet banking password)
How do I share my data?
- In your ADR app or website, select what banking data you would like to share
- Select the period of time you would like to share your data for (e.g. once or over a period of time. Cannot be more than 12 months)
- Select "Judo Bank" to commence the data sharing consent process
- You will be prompted to enter your Judo login credentials and then verify who you are using a One-Time-Password (OTP). You will never be asked for your internet banking password.
- Next, you will see Judo screens where you can select the entity and accounts you would like to share data from
- Confirming the data being shared, you will then be returned to the ADR app or website you have elected to share data with
When data will be available
You can view, manage or revoke your data sharing consents at any time. The data sharing agreement you have with each ADR, governs how your CDR data is deleted or de-identified after your sharing consent is revoked.
Open Banking FAQs
Q: Who can share their data?
Currently, only individuals (single-person) who are 18 years or older with an online account can share their data. In future, joint account holders, partnerships, corporate trustees and companies will also be able to share their data.
Refer to the timeline above.
Q: I’m a developer wanting Judo Product Reference Data, how can I get that?
The Application Programming Interface (API) is for developers to access publicly available product data from Judo to facilitate services such as market-wide product comparisons.
CDR Product Reference Data API root: https://open.judo.bank/cds-au/v1/banking/products/
The data is disclosed, in machine-readable form in accordance with the Consumer Data Standards.
Important note - sharing this data through the CDR open banking API is limited to products and their availability noted on the timeline above.
Q: How do I view and manage who I am sharing data with?
You can view and manage your data sharing on the accredited third-party app you are using the data with or via the Judo Open Banking Dashboard.
On your Judo Open Banking Dashboard, you will see a list of all the ADRs you are sharing data with now and in the past. You will be able to view their details, the data being shared and when your authorisation will expire or has expired. You also are able to immediately stop sharing data with any ADR by pressing the “Stop sharing” button on the details screen for any currently active sharing arrangement.
If you are having issues accessing your dashboard, please contact us on 13 Judo (13 58 36) or fill out a contact form on our website so we can get in touch with you. We will aim to action your request within 2 business days of notification.
Q: My data doesn't look correct. What do I do?
If you request us to correct your CDR data and we’ve already disclosed that data, we will:
- acknowledge receipt of your request as soon as practicable; and
- correct the data (to the extent we can) within 10 business days of your request, free of charge.
- notify you as to how we responded to your request or, if it was not considered appropriate to correct the data, tell you why a correction is unnecessary or inappropriate and advise you of our complaint mechanisms.
To contact us please call 13 JUDO (13 5836) or fill out a contact form here so we can contact you.
If we are made aware of any inaccurate, out of date or incomplete CDR data we will advise you as soon as is practicable, or at least within 5 business days, by email of the data inaccuracy, including the following details:
- The error in the CDR data
- The ADR(s) who received the incorrect CDR data
- The date of disclosure
- That Judo will disclose the corrected CDR data (at no charge) to the ADR if requested by you
- Our complaint mechanisms
Q: My issue has not been addressed. How do I make an enquiry or complaint?
If you have an enquiry, you are welcome to get in touch with us via 13 JUDO (13 5836) or fill out a contact form here so we can contact you.
You can register a complaint directly with Judo’s Complaints Officer in the first instance.
- Phone: 13 JUDO
Mail: Complaints Officer c/o: Judo Bank Pty Ltd, Level 3, 40 City Road, Southbank VIC 3006
Judo will follow these steps to address and manage your complaint:
- (a) make a record of your complaint;
- (b) within one Business Day of receiving a complaint, acknowledge your complaint in writing; and
- (C) within 30 calendar days of receiving a complaint, investigate the complaint and provide a response to you in writing.
In order to deal with your complaint, we may require certain information from you including your name, contact details, details of your product and a description of your complaint. We will aim to resolve your complaint as soon as possible and, in any case, within the above timeframes, free of charge.
External dispute resolution
If you are not satisfied with how a complaint has been handled, you can lodge a complaint directly with either:
(a) the Office of the Australian Information Commissioner (OAIC), if your complaint is about the handling of your CDR data; or
(b) the Australian Financial Complaints Authority (AFCA), of which Judo Bank is a member, our external dispute resolution scheme.
Phone: 1300 363 992
Mail: OAIC, GPO Box 5218,Sydney, NSW 2001
Phone: 1800 931 678
Mail: AFCA, GPO Box 3, Melbourne, VIC 3001
Time limits to make a complaint to AFCA apply.
Q: Where can I get more information about open banking and Consumer Data Right?
To find out more information about open banking and the CDR click here
Q: What are my Judo login credentials?
To receive the one-time-password (OTP), as part of the consent process, you will need your Judo login credentials. This will be your email address (that is linked to your account), date of birth and mobile number. If you are unable to authenticate or unsure of these credentials, please call13JUDO (13 36 58) for assistance.
Q: How safe is Open Banking?
Your privacy is our priority. We understand that giving third party access to your banking data may seem a little daunting. Rest assured, Open Banking has privacy protections in place that will ensure your data is shared safely and securely. The privacy protections include:
- You choose if you want to participate and who you share your data with
- Only third parties that are accredited by the ACCC can seek permission to access your data
- You can manage which data you share and cancel sharing at any time
- You can ask for your data to be deleted by the third party. You can authorise third parties to access your data for a nominated time, up to 12 months
- After 12 months, third party access to your data will automatically expire. This means they will not have access to your data for an indefinite amount of time
No Question's Found!
This policy outlines how Judo Bank Pty Ltd ACN 615 995 581, ACL and AFSL 501091 (Judo, we, us or our) manages certain data under the CDR regime in our capacity as a ‘Data Holder’ under that regime. Broadly, it describes how you may seek access to, or disclosure of, your ‘CDR data’, how you may correct any CDR data we hold about you and our complaints handling process.
For an electronic copy of this CDR Policy click here.