Wych provides a personal finance management service that can access your personal banking information securely via the governments’ Open Banking initiative. The rules for Open Banking are defined by the Consumer Data Right (CDR) which aims to provide greater choice and control for Australians over how their data is used and disclosed.
In order to access customer banking data, a person must be identifiable, or ‘reasonably identifiable’ and the data requested from the bank accounts nominated relates to them and is appropriate for that person's use. This includes banking data from a joint account.
Collection of your personal banking data
Wych adopts a data minimisation approach and only collects information which is necessary to provide its personal finance management service.
There are no fees for accessing your personal banking data and Wych does not accept consumer requests to access any additional data such as voluntary product or consumer data that the bank may have but not obligated to supply under the CDR rules.
All data collected, with a person’s consent, is used in providing Wych personal finance services via an app. In this context, data which Wych will access for the duration of the consent is:
customer and account information,
and transactions made to and from the bank account nominated.
This will occur several times a day in order to supply the most up to date notifications required for the Wych service to be useful as a finance management tool (for which it is intended).
A consent receipt is provided at the time of providing consent. Both the consent provided, in terms of its scope and duration, and a summary of data retrieved from the nominated bank account are provided in a dashboard available from the mobile app. Wych customers will be able to change the consent provided or communicate any changes via this dashboard.
Classes of CDR data
The following classes of data are held by Wych:
Name of account
Type of account
Account mail address
Incoming and outgoing transactions
Descriptions of transactions
Who you have sent money to and received money from (e.g. their name, BSB, account number)
In some case we may also provide services which retrieve other data. We’ll always tell you if we need a particular type of information to deliver our service to you.
Obtain direct debit authorisations
Obtain scheduled, outgoing payments
Names and details of saved payee accounts
Purposes of CDR data
Account information and transaction details are collected by Wych so we can support users with their financial goals. This information is used to provide users with insights about where their money is going, and tools to manage their money more effectively.
To provide a positive consumer experience and ensure consumer control over their data, Wych does not provide information to third parties to engage in direct marketing. We may send information to customers from time to time relating to products and services that can assist with their financial goals and general financial wellness.
Wych does not disclose or use your personal data (including banking data) for commercial purposes.
Wych does not disclose your personal banking data to any non-accredited or accredited persons, be they in Australia or overseas.
Outsourced service providers
Wych does not provide CDR data to any outsourced providers. Wych develops and maintains its own software for use with banking data collected under the CDR Rules.
Accessing and correcting your personal information
A user can request correction of their data through the contact us channels listed below.
Sufficient details must be provided in order to assess and correct the data that is incorrect. If notified by phone or email, Wych will update the consumer dashboard, as soon as practical, with the request and later with the notification of the corrective action if applicable.
Once assessed, notice is given over email and the consumer’s dashboard. The notice sets out what Wych did in response to the request, any corrective action or comments, and the complaint mechanism available to the consumer if they are not satisfied.
How to contact us
How to make a complaint or request redress
If you believe that there has been a breach of the CDR rules by Wych or wish to request a correction, deletion or apology, please submit your CDR consumer data complaint via email to firstname.lastname@example.org.
Please include the following information when submitting your complaint.
Your contact details;
Your preferred contact method of complainant (phone / email / letter); and,
The details of your complaint.
A CDR complaint can be made at any time. Once your complaint is received, Wych will acknowledge receipt of the complaint within one (1) business day of being received.
Wych will investigate your complaint and attempt to provide you with a written response to resolve the complaint, within thirty (30) calendar days of receipt of your complaint.
If your complaint remains unresolved after thirty (30) calendar days, you will be advised in writing that additional time is required to complete the investigation and to provide a response.
When the complaint is resolved, you will receive a ‘final response’ letter within 45 days, informing you of:
the final outcome of your complaint or dispute;
your right to take their complaint or dispute to External Dispute Resolution; and
if you are not satisfied with the response, you may lodge a complaint with the Australian Financial Complaints Authority or the Office of the Australian Information Commissioner. Their contact details are given below.
If your complaint remains outstanding within thirty (30) days, Wych must write to you to:
inform you of the reasons for the delay;
specify a date when a decision can be reasonably expected;
informs your of your right to take your complaint or dispute to an External Dispute Resolution; and
if you are not satisfied with our response, you may lodge a complaint with the Australian Financial Complaints Authority or with the Office of the Australian Information Commissioner (OAIC). Their contact details are given below.
The Office of the Australian Information Commissioner (OAIC):
The Australian Financial Complaints Authority:
Telephone: 1800 931 678
Mail: Australia Financial Complaints Authority, GPO Box 3, Melbourne, VIC 3001, Australia
Accessing and correcting your personal information
The CDR data we hold about you is accessible to you via the Wych app and your CDR Dashboard. If you would like to access your data in a different format for the purpose of a CDR data correction, please contact us and we will provide the CDR data in another format where it is possible to do so. A user can request correction of their data through the contact us channels listed below.
Sufficient details must be provided to assess the issue and make corrections. Once assessed, notice is given over email that states what Wych did in response to the request, any corrective action or comments, and the ability to make a complaint if not satisfied.
Events for notifying CDR consumer
Wych does not make a consumer’s data banking data accessible or visible to outside organisations. Wych employs stringent up to date information security practices.
In the event of a data breach e.g. someone gaining unauthorised access which results in loss of CDR data, we would notify a CDR consumer as soon as practical in order for the consumer to take appropriate action if required.
Wych will also inform you:
When you consent to collect, use and/or disclose your CDR data
When your consent expires
When you amend or withdraw a consent
When we disclose to any accredited persons
When we disclose to any non-accredited entities such as a trusted advisor
When we access your data
When you request a correction of your data
Notifications will be provided either at the time of the event when you are present, via email or in-app notification and the consent dashboard will update with information about when your data was last accessed.
Consequence of withdrawing consent
When you stop sharing data with Wych, then we will stop collecting data from this account. We will also delete any data we previously received from this account.
Without this data, we will be limited in our ability to help you track your budget.
The detailed impact of using Wych is as follows:
Transaction Details: If you stop sharing these details we will no longer be able to identify how much money you have spent.
Direct debits and scheduled payments: If you stop sharing these details we will no longer be able to identify the amount of regular payments you make.
Deleting CDR data
You can stop sharing data with us at any time by going to your data sharing dashboard within the app:
Settings > Data Sharing, or by writing to us at email@example.com
We will delete all banking data collected under a user’s consent, along with any derived data, within 24 hours of the following events:
Your consent for access to banking data expires
You stop sharing data with us before consent expires, or, you request data sharing to stop via the bank holding the account
You delete your Wych account
Your bank notifies us that you cease to be an eligible consumer with them
When any of these events occur, subject to not requiring that the data is held by Australian law, Wych will delete the users data using a scheduled daily process. The process deletes all bank data for the accounts for which consent was held. This includes data derived from the banking data obtained.
Wych does not currently provide any representative arrangements.
Availability of policy
This policy is available on our website (www.wych.it) and within the Wych app by going to ‘Data Sharing’ and selecting the appropriate provider.
A hardcopy of this policy can be obtained by emailing firstname.lastname@example.org