This policy provides information as to how you can access and manage your data under the Consumer Data Right ("CDR") laws - which is referred to in this policy as your "CDR Data".
For further details on the CDR laws please refer to www.treasury.gov.au/consumer-data-right
For details on how we collect, use and disclose your personal information, please refer to our Privacy policy on our website at www.citigroup.com.au/privacy.
This CDR policy covers the sharing of your data to accredited third parties. This policy may change as a result of future provisions or updates to the CDR laws. Please refer to our website for the latest version of our CDR policy. Alternatively, if you would like a copy of our CDR policy to be sent to you, you can contact us at www.citibank.com.au/contact-us to request for an electronic or paper copy of our CDR policy.
On 1 June 2022, Citigroup Pty Limited ABN 88 004 325 080 ("Citi") sold its consumer banking business to National Australia Bank Limited ABN 12 004 044 937 ("NAB"). As part of this sale, all consumer financial and credit products and all open accounts (together with some closed accounts) were transferred to NAB. This CDR policy applies to those closed accounts and the associated CDR Data that did not transfer to NAB as part of the sale of the consumer banking business and continue to remain with Citi.
Citi/our/us/we means Citigroup Pty Limited (ABN 88 004 325 080), Australian credit licence 238098.
The Consumer Data Right is a law that forms a single customer-driven data sharing framework across the Australian economy.
Under the CDR Rules, there are three ways to request CDR Data:
• Disclosure of CDR Data that relates to products offered by a Data Holder;
• Authorise an accredited third party (for example, an accredited data recipient) to request access to your CDR Data; and
• Directly request for your CDR Data to be disclosed.
Under the CDR laws the following sets of data are to be made available to an accredited data recipient:
• Name, occupation, contact details
• Account balance and details
• Transaction details
• Direct debits and schedule payments
• Saved payees
However, under the CDR regime, a consumer is only eligible to share their CDR Data where the consumer is an account holder or a secondary user for an account with the Data Holder that is open. All open accounts were transferred to NAB on 1 June 2022 as part of the sale of Citi's consumer credit business to NAB on 1 June 2022. Accordingly, there are no customers who are eligible to require Citi to share their CDR Data.
Over time as the CDR laws expand, the set of required data may broaden to include other data sets. Please refer to our latest CDR policy for the sets of data which Citi will make available under the CDR laws. We currently only share data as required under the CDR laws.
As noted in the "About this policy" section, under the CDR regime, a consumer is only eligible to share their CDR Data where the consumer is an account holder or a secondary user for an account with the Data Holder that is open. All open accounts were transferred to NAB on 1 June 2022 as part of the sale of Citi's consumer banking business. Accordingly, there are no customers who are eligible to require Citi to share their CDR Data. Should you have any queries, please refer to the "Contact us" section below.
You can view or withdraw your consent at any time before 1 June 2022 by signing-on to Citi Online or Citi Mobile® App. Here you will be able to view all active, expired and withdrawn data sharing arrangements that you have set up. Alternatively, to withdraw your request in writing or over the phone, please contact us by visiting: www.citibank.com.au/contact-us.
Any active consents relating to CDR Data for closed accounts that did not transfer to NAB automatically expired on 1 June 2022.
From 1 June 2022, your CDR Data is no longer able to be shared or accessed, however you will be able to continue to access your personal information through Citi's other channels. Please refer to the Citi Privacy policy or contact us on 13 24 84 for further information.
If you have reason to believe your CDR Data has been shared incorrectly to a data recipient, please call us on 13 24 84.
We will respond to all requests for correction in writing within 10 business days during which we will inform you of our investigation and whether the CDR Data was accurate or a correction of your CDR Data needs to be made. No fees will be charged for this service. If you are not satisfied with the response received, you can make a complaint to us - please refer to the process below.
Under the CDR Rules, the accredited data recipient is responsible for the deletion and/or de-identification of your CDR Data.
The CDR Data deletion process is applied by an accredited data recipient when deleting data in accordance with a CDR consumer's right to deletion and when deleting redundant data in accordance with the privacy safeguards in the CDR Rules.
If you have reason to believe that we have not complied with our obligations under the CDR laws with respect to the way we handle your CDR Data or if you would like to make a formal complaint, you can raise this at any time with our Customer Relations Unit.
When raising a complaint in relation to your CDR Data, we may require the following information:
• What CDR Data is involved;
• Who the CDR Data has been shared with;
• What account(s) are impacted;
• How we can assist to resolve your complaint.
There are three ways you can lodge your complaint:
1. By telephone
Call 1300 308 935 (within Australia) or +61 2 8225 0615 (from overseas) between 9 AM – 5 PM Monday to Friday (AEST).
2. In writing
Mail your written complaint to:
Citigroup Pty Limited
Customer Relations Unit
GPO Box 204, Sydney NSW 2001
3. By email
Email us at any time: aust.customeradvocacyunit@citi.com
We will try to resolve your complaint quickly and fairly, however some complaints do take more time than others. If we anticipate that your complaint will take longer than 21 days to resolve, we will contact you within this time to provide you with an update on our progress.
If we are unable to resolve your complaint within 30 days, we will:
(a) tell you the reasons for the delay;
(b) tell you the date by which you can reasonably expect to hear the outcome of our investigation;
(c) give you monthly updates on the progress;
(d) tell you about your right to complain to the Australian Financial Complaints Authority (AFCA) if you are dissatisfied; and
(e) provide you with contact details for AFCA.
For further information about our complaints process, including how long we take to acknowledge and respond to a complaint, please refer to https://www1.citibank.com.au/our-complaints-process.
If, despite our best efforts, you remain unhappy with the outcome or handling of your complaint, you may escalate your complaint further and contact AFCA for an external review:
Website : www.afca.org.au
Email : info@afca.org.au
Phone : 1800 931 678 (free call)
Mail : Australian Financial Complaints Authority, GPO Box 3, Melbourne, VIC, 3001
You may also raise concerns with your CDR Data to the Office of the Australian Information Commissioner (OAIC). The OAIC acts as an impartial third party when investigating and resolving a complaint in relation to the handling of your CDR Data. You can contact the OAIC through:
Website : www.oaic.gov.au
Email : enquiries@oaic.gov.au
Phone : 1300 363 992
Mail : Office of the Australian Information Commissioner
GPO Box 5218, Sydney, NSW 2001
For more information visit us at www.citibank.com.au .
If you are calling within Australia:
13 CITI (13 24 84)
If you are calling outside Australia:
+61 2 8225 0615
For general correspondence or to notify us of things please write to:
GPO Box 40
Sydney NSW 2001
For privacy related enquiries contact the Citigroup Privacy Officer:
Email : privacy.officer@citi.com
Address : GPO Box 204, Sydney NSW 2001
Phone : the numbers above
Please do not include account numbers or other sensitive information in emails, since it may not be secure.