Fiskil Services Agreement

This policy provides information about how Fiskil manages data under the Consumer Data Right (CDR). Specifically, this policy explains how Fiskil can collect, use, hold and disclose your data that you consent to sharing with us. This ensures transparency and trust between all parties, as well as ensuring the quality, integrity and security of your personal information under applicable CDR legislation and Privacy Laws.

Please refer to the Fiskil Privacy Policy on our website for information on how Fiskil collect, use, hold and disclose your personal information, as well as ensure the quality, integrity and security of your personal information under applicable Privacy Laws more generally,

Your Rights as a Consumer
Overall Rights

The data you provide to someone has no bearing on your ability to control who you can share your data with.

Any recipient of data is regulated by the ACCC and must meet requirements like continuous quality monitoring, dispute resolution, security measures, audit and other stipulations in place by the Data Accreditation Body.

When it comes to sharing your data with an accredited recipient, you can share data held by a known Data Holder (for example, a financial institution) 

Fiskil may use or disclose de-identified redundant data (which is available to them by any means) without having to seek further consent from you.

Consent Management

You have rights to decide which data types you will share, such as profile, payments, transaction, or product information; how long you will be sharing, whether it is a one-time sharing or an ongoing process; and whether you want to receive marketing material based on the data you have shared.

As long as you've given consent, it will last for a maximum of 12 months, until you stop consenting, or re-grant consent.

You have the ability to manage your consent from either of the dashboards that the Data Recipient or the one that the Data Holder provide you.

Your consent can be withdrawn at any time, in several ways, such as by using the dashboard that the Data Recipient uses to gain consent, the one that the Data Holder uses, or via a letter.

With written notification, the revocation must be completed within two business days. Your change in consent status (for example, active, expired, or withdrawn) will be reflected in the consent dashboard in near real-time. Fiskil will remove your data if you revoke your consent.

Withdrawing your consent prevents the services that the Data Recipient offers from being provided to you.

Data Management

You must contact us to request data correction. Erroneous data must be provided for data analysis and data correction. Fiskil will, upon notification by phone or email, update the consumer dashboard with the request and notification of the corrective action, if applicable.

Where applicable, all notices are emailed out via the consumer's dashboard. The notice lists Fiskil's response to the request, any action taken, and any options for resolving any dissatisfaction that the consumer may have.

Data Deletion

Fiskil must obey the rules of data minimisation, which requires that only the required data is held. This is directly relevant to why data capture is done.

You may advise that your collected data, and any information generated from it, be removed when it becomes redundant. Consent must be granted or obtained before it can be revoked or expire.

Data Disclosure

To ensure customer control over their data, Fiskil does not provide information to third parties to engage in direct marketing. This means that:

  • Fiskil does not share or use your personal data (including banking data) for commercial purposes.

  • Fiskil does not provide personal banking data to non-accredited or accredited individuals, regardless of their location.

  • Fiskil does not release your data to anyone. If these arrangements change, this list will also be adjusted using the outsourcing arrangements.

Outsourced Service Providers

Fiskil does not provide CDR data to any outsourced providers. Fiskil develops and maintains its own software for use with banking data collected under the CDR Rules.

Data Storage Locations

Your data is onshore and only resides in Australia. Storage policies from outsourced parties will be used for this list's maintenance.

Complaint Management and Dispute Resolution

To speak with Fiskil regarding how your personal information is managed, please use the details below.

We will acknowledge your complaint once Fiskil have received your complaint. You will be notified if Fiskil require further information to resolve your complaint.

We strive to deal with complaints swiftly. Some complaints can take up to five (5) business days to resolve. You will be informed when things progress and when you may fairly expect a response.

You may also contact our Complaints Officer, who can perform an independent review of your issue if you are not satisfied by Fiskil’s response. The Complaints Officer can be reached at

As long as you submit your complaint to our Complaints Officer, you have the option to raise your complaint with regulators that may be relevant in the future.

Personal information can be the subject of a complaint under the Privacy Act to the Australian Information Commissioner (OAIC). All complaints must be submitted to the respondent organisation first. The organisation is given 30 days to handle the matter before a person may lodge a complaint to the OAIC. The OAIC can be contacted at:

  • Office of Australian Information Commissioner

  • GPO Box 5218

  • Sydney NSW 2001

  • Phone: 1300 363 992

  • Email:


Additionally, the Australian Financial Complaints Authority (AFCA) can consider complaints that relate to the provision of credit or credit reporting information, in general. AFCA can be contacted at:

  • Email:

  • Phone: 1800 931 678 (free call)

  • Mail: Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001

What This Policy Means for You

Financial service providers are required to hold data about their customers, so that they can provide you with a product or service and improve their offerings. Some of this data is classified as ‘CDR data’ and as a result, this makes these financial service providers a ‘Data Holder’ (as opposed to a ‘Data Recipient’).

Customer bank account data is needed to allow customers to bank online. To access this data, customers must be identifiable or "reasonably identifiable," and the requested data is relevant to their needs.

As an Accredited Data Holder and Recipient, Fiskil helps organisations by providing the necessary technology to enable their CDR journeys. Fiskil provide this service by offering secure data storage services for service providers to store CDR data on their behalf. As part of the government's Open Banking initiative, CDR data can be used and shared securely via our service.

The rules for Open Banking are set by the Consumer Data Right (CDR), which seeks to maximise the number of options and controls available to Australian citizens when it comes to the usage and disclosure of their personal data.