Finder makes money from featured partners, but editorial opinions are our own.

Finder Consumer Data Rights Policy


This Consumer Data Right (CDR) Policy (the Policy) explains how Hive Empire Pty Ltd (Finder) can collect, use, hold and disclose your data that you consent to sharing with us. This ensures transparency and trust between all parties, as well as ensuring the quality, integrity and security of your personal information under applicable CDR legislation and Privacy Laws.

Please refer to the Finder Group Privacy & Cookies Policy on our website for information on our management of your personal information.

What is the CDR?

The CDR was introduced by the Federal Government to give you control over the data that you share with other banks and financial institutions. This is often referred to as Open Banking. It helps you send your data to other companies with your full consent, knowledge, and control in a secure way. The intention is that you can help find the best products, prices, and to help switch to new products and services.

Open Banking will allow you to ask that your data be sent to other banks, financial institutions and authorised organisations (accredited data recipients) when you want to. You control who holds your data and how it is used. Finder is an accredited data recipient under the CDR (accreditation number ADRBNK000160).

The CDR is governed by the Competition and Consumer Act 2010 (Cth) and the Competition and Consumer (Consumer Data Right) Rules 2020 (Cth) (collectively, the CDR Rules). You can find out more about the CDR here.

What CDR Data is collected and held?

With your consent, the following classes of CDR Data are collected and held by us to help you manage your spending and track your budget through the Finder App:

Account Information

  • Your account name, number and sort code
  • Your account balance
  • Name of account
  • Type of account
  • Account balance
  • Account number
  • Interest rates
  • Fees
  • Discounts
  • Account terms
  • Account mail address

Transaction Details

  • Incoming and outgoing transactions
  • Amounts
  • Dates
  • Descriptions of transactions (including description entered by others paying you)
  • Who you have sent money to and received money from (e.g. their name).

CDR data collected by Finder is encrypted and held in electronic form only in our secure cloud-based environment in Australia.

What purposes is CDR Data used for?

With your consent, we may collect, hold and use (including disclose) your CDR Data to:

  • Give you a better view of your financial position and allow you to track your spending and budget by allowing you to see your accounts from some other banks in the Finder App;
  • Provide you with insights on your finances to enhance the services we provide to you;
  • Send you suggested products, services and offers from various providers that may help you get a better deal;
  • Provide you with information on our other products and services that may be of interest to you (if you have opted in to this feature).

Should you choose, you can consent to share your CDR Data with us. You have the right to choose the following about sharing:

  • which products you wish to share your CDR Data for;
  • whether you opt in to enhanced services and suggestions based on analysis of your CDR Data; and
  • election of deletion of CDR Data.

Consent granted will only last for a maximum of twelve (12) months, unless you withdraw consent earlier, or re-grant consent.

You may view and manage (i.e. amend or delete) your consent in the Manage Open Banking Consent dashboard of the Finder App. More details on how to amend and delete consent or CDR Data is explained below.

How is CDR Data disclosed?

We do not disclose your CDR Data to any third parties other than those listed below. If this does change, the list below will be updated accordingly.

Outsourced service providers

We engage the following outsourced service providers (OSPs) to help us provide you with our services. Our OSPs will access your CDR data only for the purpose(s) of facilitating the provision of our services requested by you and any other purposes you have consented to. We will not disclose your CDR data for any other purpose.

Although some OSPs are based outside of Australia, your CDR Data will only be collected and stored in servers in Australia.

For a detailed list of the classes of CDR data that may be disclosed to our OSPs, refer to the section What CDR data is collected and held? above.

OSP NameNature of services providedOSP LocationCDR Accreditation
AmplitudeAnalytics platform used to provide insights on how users interact with our products and services.USANon-Accredited
IterableMarketing automation platform used to send notifications to users.USANon-Accredited
SegmentCustomer data platform used to facilitate the collection and use of data from various digital properties.USANon-Accredited
SnowplowAnalytics platform used to provide insights on how users interact with our products and services.AustraliaNon-Accredited
YodleeAccredited Data Recipient Platform used to collect CDR Data.USAYodlee is an active Accredited Data Recipient with accreditation number ADRBNK000061.

How do I access and correct CDR Data?

You can access and view your CDR Data in the Manage Open Banking Consent dashboard in the Finder App.

Under the CDR, you have a right to request correction of your CDR data. If you believe that the data we hold about you is incorrect, please contact us through the Finder channels listed below and clearly ask us to correct your CDR data. You should ensure that you include specific information in your request, to allow us to assess the issue and make the right corrections. We will acknowledge receipt of your request within 1 business day. Once assessed, we will write to you to let you know if any corrections were made or not and will include a description of the changes made. If we don’t agree that a correction is required, we will explain our reason why. If you are dissatisfied with the outcome, you will have the opportunity to make a complaint.

If the data which will need to be corrected is held by your bank, you may need to contact them directly to make the request to correct your data. With your consent, we can also request your bank to correct the data held about you.

You also have the right to access and correct personal information we hold about you. Refer to the Finder Group Privacy & Cookies Policy for more information.

Deletion of CDR Data

We (and our outsourced service providers) will irretrievably delete your CDR Data within 5 business days of the following events:

  • Your consent for us to access your CDR Data expires;
  • You stop sharing CDR Data with us before consent expires (see below on how to do this), or, you request data sharing to stop via the bank holding the account;
  • You delete your Finder account; or
  • Your bank notifies us that you cease to be an eligible consumer with them.

When any of these events occur and provided we are not subject to a legal obligation to retain your CDR Data, both we and our outsourced service providers will irretrievably delete all the CDR Data you shared with us from our respective systems (including Finder's back-up systems). We will record deletion actioned internally by Finder, in accordance with the CDR Rules and will obtain a written record evidencing deletion from our outsourced service providers, once they have completed deletion and are able to confirm the same.

How you can request for us to delete your CDR Data

You can delete your CDR Data at any time by going to the Manage Open Banking Consent dashboard under 'Settings' in the Finder App and choosing "Delete my data instead" when you want to stop sharing your CDR Data with us.

If the connection for your bank account is no longer active, you can also request that we delete your CDR Data for you by contacting Finder through the channels listed below.

Redundant data

Your CDR Data will be deemed 'redundant data' where:

  • It is no longer required for the purpose for which it was collected;
  • The purpose for which is was collected has been fulfilled;
  • It is found to be inaccurate or incomplete and cannot be corrected; or
  • Legal or regulatory requirements require its destruction or deletion.

Redundant data will be securely deleted from our secure cloud-based environment in which it is stored (including Finder's back-up systems) and those of any held by third parties you had consented for us to share the information. We will obtain a written record from such third parties to evidence and confirm deletion once completed.

When you stop sharing CDR Data with us, we will stop collecting such data from your accounts with banks and other financial institutions. We will also irretrievably delete any data we previously received in connection with your bank accounts (unless we are subject to a legal obligation to store the data for a certain period of time, in which case we will do so in accordance with the applicable law or regulation).

Without consent to collect and use your CDR Data, we will be limited in our ability to help you track your budget and spending.

The impact to using the products, features and services of the Finder App are as follows:

  • Contact Details: if you stop sharing these details, we will no longer be able to identify your name or verify you.
  • Account Information: if you stop sharing these details, we will no longer be able to identify information relating to the specific bank account you have consented to us collecting data from
  • Transaction Details: if you stop sharing these details, we will no longer be able to identify how much money you have spent

Notification of certain events

We will notify you:

  • When you grant us consent to collect, use and/or disclose your CDR data
  • When you amend or withdraw a consent
  • When a consent expires
  • When collection of your CDR Data will occur
  • When disclosure of your CDR Data will occur
  • Every 90 days for each on-going consent (i.e. for consent that is not for a one-off share request, to confirm the data shared, expiry date and other information)
  • When you request a correction of your CDR Data (and our response)
  • In the event of a data breach e.g. someone gaining unauthorised access which results in loss of CDR Data, we would notify you as soon as practical in order to take appropriate action if required.

How can I make a complaint?

At Finder, we believe that all feedback – even criticism or complaints – provides us with insights that can only make our business better. That's why we legitimately welcome user feedback and encourage readers to tell us what we're doing well and where we can improve.

A complaint can be made at any time. If you wish to make a complaint, please contact Finder through the channels listed below.

When you contact us, please provide enough information for us to identify you, and understand the nature of your complaint. Please include:

  • Your name;
  • Your contact details;
  • Any additional assistance you require with the complaint process, including lodging your complaint;
  • A detailed description of your complaint; and
  • How you wish for your complaint to be resolved.

We will write to you to acknowledge your complaint as soon as we receive it, or within 1 business day. We may also contact you for more information. We will try to resolve your complaint immediately.

The kind of resolution we provide will depend upon the nature of your issue or complaint. Resolution options include correction of data, deletion of data, issue of an apology. However, if immediate resolution of your complaint is not possible, we will escalate your complaint internally for further investigation.

Once we have investigated your complaint, we will write to you with our decision within 30 days. Our response will include:

  • Our decision to accept or reject your complaint, and the reasons for our rejection, where applicable;
  • The resolution we are able to offer and our reasons for proposing a different resolution to the one requested by you, where applicable;
  • Your right to take your complaint or dispute to the Australian Financial Complaints Authority (AFCA) or the Office of Australian Information Commissioner (OAIC), as applicable, and have our decision reviewed externally; and
  • Contact details for AFCA and OAIC.

If we are unable to resolve your complaint within 30 days, we will write to you to:

  • Inform you of the reasons for the delay;
  • Indicate the approximate date we expect a decision to be made;
  • Inform you of any rights you have to refer your complaint to the relevant external dispute resolution scheme(s) and the scheme(s) contact details.

If you are unhappy with our response and the outcome of your complaint, you can refer the matter to AFCA or the OAIC for external review using the contact details listed below. This is available to you free of charge.

How to contact AFCA

You can contact AFCA using any of the following methods:

  • AFCA website:
  • Telephone: 1800 931 678 (free call)
  • Email:
  • Post: AFCA, GPO Box 3, Melbourne VIC 3001, Australia

Our AFCA membership number is 42503.

How to contact OAIC

Complaints involving your CDR Data and how we have handled your personal information can be referred to the OAIC by completing the online form or by contacting the OAIC using the details below. Please note that the OAIC requires any complaint to first be made to us. The law also allows 30 days for us to deal with the complaint before you may make a complaint to the OAIC.

Where is this CDR Policy available?

This Policy is available via our website: A hardcopy of this Policy will also be provided if requested through our contact us page.

How can I contact Finder?

You can contact us at any time in the following ways:

  • Email us
  • On site: Using the Live Chat button in the bottom-right corner of the screen of our website
  • Write to us at: Level 10, 99 York Street, Sydney NSW 2000, Australia

Version Date: 26 February 2024

More guides on Finder

Go to site