Frollo, as an Accredited Data recipient, provides Money Management features that can access your personal banking information securely via the governments’ Open Banking initiative. The rules for Open Banking are defined by the Consumer Data Right (CDR) which aims to provide greater choice and control for Australians over how their data is used and disclosed.
Collection of your personal banking data
Frollo adopts a data minimisation approach and only collects banking information which is necessary to provide its Money Management features, such as Personal Financial Management and Financial Passport to provide a view of your financial position.
There are no fees for accessing your personal banking data and Frollo does not accept consumer requests to access any additional data such as voluntary product or consumer data that the bank may have but not obligated to supply under the CDR rules.
All data collected, with a person’s consent, is used in providing Frollo Money Management features. In this context, data which Frollo will access for the duration of the consent is:
- customer and account information,
- bank balances,
- transactions made to and from the bank account nominated,
- and contact details.
Frollo will collect, hold and use your data in accordance with the purpose of the service we are providing. CDR data is held and stored on your behalf in secure systems, located in Australia. Frollo processes your data to create personal insights about the information contained in your CDR data, which is then presented back to you. We do not share this information with anyone else without your consent.
Frollo provides a consent dashboard for the management of your consents which includes a receipt of the consent, its scope and duration with a summary of the data received. You can revoke your consent at any time from the consent dashboard.
Classes of CDR data
The following classes of data are held by Frollo and used to provide Money Management features through its mobile app and Web applications:
- Name of account
- Type of account
- Account balance
- Account number
- Interest rates
- Account terms
- Account mail address
- Incoming & outgoing transactions
- Descriptions of transactions
- Who you have sent money to and received money from (e.g. their name, BSB, account number)
Other services we offer might provide you with the option to choose whichever types of data you like, including those shown below. We’ll always tell you if we need a particular type of information to deliver our service to you.
- Email address
- Mail address
- Residential address
- Obtain direct debit authorisations
- Obtain scheduled, outgoing payments
- Names and details of saved payee accounts
Purposes of CDR data
Frollo collects, holds, uses and discloses CDR data for the purposes of providing you with a personal financial management application that enables you to view, on a continuous basis, historic and current transaction and other financial information from the bank accounts that you have connected to the application. This includes surfacing insights about spend patterns over time, bills detection, income detection and analysis of assets and liabilities.
Account information, transaction and contact details are collected, held and used by Frollo in accordance with the following services.
- Personal Financial Management uses this information to provide users with insights about where their money is going, and tools to manage their money more effectively. This includes a financial statement providing a view of your money in and money out.
- Financial Passport uses this information to provide insights on your finances, producing a detailed Financial Passport that can be used when applying for loans.
- Money Partner uses this information to provide users with real-time tools and insights to manage their money more effectively. This includes the ability to disclose information to a financial advisor for financial advisory services.
- We analyse non-identifiable statistical data to help us improve our service and user experience, and to ensure we’re building products that have a positive impact on the financial wellbeing of our users.
- We also derive insights such as consumer spending by category and changing patterns in savings balances that we hold as non-identifiable statistical data to understand financial trends across our customer base. We publish these trends on our website.
Frollo employs stringent up to date information security practices and does not disclose or use your personal data (including banking data) for commercial purposes or any other purpose other than the purpose for which you provided consent.
Accessing and correcting your personal information
The CDR data we hold about you is accessible to you via the Frollo app and your CDR Dashboard. If you would like to access your data in a different format for the purpose of a CDR data correction, please contact us and we will provide the CDR data in another format where it is possible to do so. A user can request correction of their data through the contact us channels listed below.
Sufficient details must be provided to assess the issue and make corrections. Once assessed, notice is given over email that states what Frollo did in response to the request, any corrective action or comments, and the ability to make a complaint if not satisfied.
How to contact us
How to make a complaint
If you are dissatisfied with Frollo’s products, services, staff or the handling of a complaint, please submit your complaint via email to [email protected].
Please include the following information when submitting your complaint:
- Your name;
- Your contact details;
- Your preferred contact method of complainant (phone / email / letter); and,
- The details of your complaint,
- If any additional assistance is required with lodging the complaint.
A CDR complaint can be made at any time. Once your complaint is received, Frollo will immediately acknowledge receipt of the complaint within one (1) business day of being received.
Frollo will investigate your complaint and attempt to provide you with a written response to resolve the complaint, within thirty calendar days of receipt of your complaint.
The kind of resolution we provide will depend upon the nature of your issue or complaint. Resolution options include correction of data, deletion of data, issue of an apology.
When the complaint is resolved, you will receive a ‘final response’ letter within thirty (30) days, informing you of:
(a) the final outcome of your complaint or dispute;
(b) your right to take their complaint or dispute to External Dispute Resolution; and
(c) if you are not satisfied with the response, you may lodge a complaint with the Australian Financial Complaints Authority.
If your complaint remains outstanding within thirty (30) days, Frollo must write to you to:
- inform you of the reasons for the delay;
- specify a date when a decision can be reasonably expected;
- informs your of your right to take your complaint or dispute to an External Dispute Resolution; and
- if you are not satisfied with our response, you may lodge a complaint with the Australian Financial Complaints Authority or with the Office of the Australian Information Commissioner (OAIC). Their contact details are given below.
The Office of the Australian Information Commissioner (OAIC):
Events for notifying CDR consumer
Frollo will notify you;
- When you consent to collect, use and/or disclose your CDR data
- When your consent expires
- When you amend or withdraw a consent
- When we disclose to any accredited persons
- When we disclose to any non-accredited entities such as a trusted advisor
- When we access your data the consent dashboard will update when your data was last accessed in your linked accounts
- Every 90 days for each active consent
- When you request a correction of your data
- In the event of a data breach e.g. someone gaining unauthorised access which results in loss of CDR data, we would notify you as soon as practical in order to take appropriate action if required
Consequence of withdrawing consent
When you stop sharing data with Frollo, then we will stop collecting data from this account. We will also delete any data we previously received and held from this account. There are no penalties for withdrawal of consent.
Without this data, we will be limited in our ability to help you track your budget.
The detailed impact to using Frollo is as follows:
- Transaction Details: If you stop sharing these details we will no longer be able to identify how much money you have spent.
- Direct debits and scheduled payments: If you stop sharing these details we will no longer be able to identify the amount of regular payments you make.
- Customer Details: If you stop sharing these details we will no longer be able to identify your name
Deleting CDR data
You can stop sharing data with us at any time by going to your consent dashboard or by writing to us at [email protected]
We will delete all banking data collected and held under a user’s consent, along with any derived data, within one (1) business day of the following events:
- Your consent for access to banking data expires
- You stop sharing data with us before consent expires, or, you request data sharing to stop via the bank holding the account
- You delete your Frollo account
- Your bank notifies us that you cease to be an eligible consumer with them
When any of these events occur Frollo will irretrievably delete all the data that you shared with us within 24 hours, unless it is required to be held by Australian law.
Consumer spend data is categorised and added to expenditure counters using complex query parameters, providing a collective insight with no identifiable information. This is used to provide individual and group level money management insights that will be retained for statistical trend purposes after your data has been deleted.
Data is held in backup systems (which Frollo maintains for business continuity and risk management purposes) and cannot be deleted but is put beyond use. Meaning your data contained in backup systems is not accessible to anyone without invoking business continuity procedures, which may occur during a significant disaster or cyber security event. Backups are held for seven years after which they are destroyed.
Frollo does not currently provide any representative arrangements.