1. About This Policy

Scottish Pacific Business Finance Pty Ltd (ABN 79 008 636 388) (‘ScotPac’, ‘we’, ‘us’, ‘our’) is a non-bank lender providing business finance products to Australian businesses. This Consumer Data Right (‘CDR’) Policy explains how we manage CDR data in our capacity as a data holder under the CDR regime.

This policy is made in accordance with Privacy Safeguard 1 in Part IVD of the Competition and Consumer Act 2010 (Cth) (‘CCA’) and Rule 7.2 of the Competition and Consumer (Consumer Data Right) Rules 2020 (‘CDR Rules’), as applicable to the non-bank lending sector following its designation under the Consumer Data Right (Non-Bank Lenders) Designation 2022.

This policy is a separate document to ScotPac’s Privacy Policy, which governs how we handle personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (‘APPs’). Where information is both CDR data and personal information, this CDR Policy and our Privacy Policy each apply to the relevant aspects of that information.

2. ScotPac’s Role Under the CDR

ScotPac is a data holder under the CDR. This means we are required to make certain data about our products available through standardised, secure data-sharing channels. ScotPac holds the role of data holder for the following entities that have data sharing obligations under the CDR Scheme:

  • Scottish Pacific Business Finance Pty Ltd (ABN 79 008 636 388)
  • Business Fuel Finance Pty Ltd (ABN 58 629 419 021)

From 13 July 2026, ScotPac is required to share product reference data (product data) for its covered lending products. This policy relates to ScotPac’s obligations as a data holder for product data only.

What is product data?

Product data is publicly available information about ScotPac’s lending products, including product features, eligibility criteria, fees, rates and other terms. It does not include any information about individual customers or their accounts.

At this time, ScotPac’s CDR obligations extend to product data only. Consumer data sharing (i.e. sharing of data about specific customers and their accounts) has not yet commenced.

At this time, ScotPac is not an accredited data recipient under the CDR. This policy therefore does not address the collection or use of CDR data from other data holders.

3. What CDR Data Does ScotPac Hold?

3.1 Product Data 

ScotPac holds and shares product reference data for its publicly offered, covered lending products in the non-bank lending sector. The products currently subject to CDR product data sharing obligations are:

  • Asset Finance
  • Boost Business Loans
  • Line of Credit
  • Asset Based Finance

All other products offered by ScotPac and its associated entities are not subject to product data sharing obligations at this time.

Product data is not personal information and does not relate to any individual customer or account. It is publicly available information that describes the features, terms, fees and eligibility criteria for ScotPac’s covered products.

3.2 Consumer Data 

ScotPac does not currently share consumer data (information about specific customers and their accounts) under the CDR. If consumer data sharing obligations apply in the future, this policy will be updated accordingly.

4. How ScotPac Manages CDR Data

4.1 How Product Data Is Held 

ScotPac’s product reference data is sourced from internal systems and made available through a CDR-compliant technology platform. The product data is maintained in a structured data store and served via standardised CDR APIs that conform to the Consumer Data Standards published by the Data Standards Body.

ScotPac has engaged a CDR technology solution provider to support the operation of our CDR data sharing infrastructure. Where a third-party provider holds or processes CDR data on our behalf, this is undertaken under a CDR outsourcing arrangement that meets the requirements of the CDR Rules.

4.2 Quality and Accuracy of Product Data 

ScotPac takes reasonable steps to ensure that product data shared under the CDR is accurate, up-to-date, complete and not misleading. Product data will be updated promptly when product terms, fees, rates or features change.

4.3 Security 

ScotPac and its CDR technology provider maintain appropriate technical and organisational security measures to protect the integrity and availability of CDR product data. These measures are consistent with the requirements of Privacy Safeguard 12 and the Consumer Data Standards.

5. Access to CDR Data

5.1 Access by Accredited Data Recipients 

Product data is publicly available and can be accessed without authentication by any party, including accredited data recipients (‘ADRs’), through ScotPac’s CDR product data endpoints. No consumer consent is required to access product data.

5.2 Access by Consumers 

ScotPac does not currently share consumer data through the CDR. As a result, consumer CDR data cannot be accessed through the CDR system at this time.

Consumers who wish to access personal information that ScotPac holds about them may do so under Australian Privacy Principle 12 (APP 12) by contacting ScotPac using the details in Section 8 of this policy.

5.3 Voluntary Data Sharing 

ScotPac does not currently accept voluntary consumer data requests or voluntary product data requests beyond its mandatory CDR obligations. Any change to this position will be reflected in an updated version of this policy.

6. Correction of CDR Data

As product data is publicly available information about ScotPac’s products (not information about individual customers), correction rights under Privacy Safeguard 13 are not directly applicable to product data in the same manner as consumer data.

If you believe that any product data published by ScotPac is inaccurate, incomplete or misleading, please notify us using the contact details in Section 8.

ScotPac does not currently disclose consumer CDR data through the CDR. If ScotPac becomes required to disclose consumer CDR data in future, this policy will be updated to explain how CDR consumers may request correction under Privacy Safeguard 13.

Separately, consumers may request correction of personal information held by ScotPac under APP 13 of the Privacy Act by contacting us using the details in Section 8.

7. Complaints

7.1 How to Make a CDR Complaint 

You can make a CDR complaint if you are unhappy with how ScotPac has handled its CDR obligations or with a service we provide through the CDR system, and you would like us to respond or fix the issue.

You can lodge a CDR complaint with us by:

  • Phone: Call 1300 177 495
  • Post: ScotPac CDR Complaints, GPO Box 9969, Sydney NSW 2000

When lodging your complaint, please provide:

  • Your name and contact details
  • A description of the nature of your complaint, including reference to CDR as appropriate
  • Any relevant documentation or reference numbers
  • Your preferred method of response
7.2 How We Handle Complaints 

Once you have submitted a CDR complaint, we will acknowledge receipt within 1 business day. We will assess the complaint, investigate the issues raised and determine an appropriate outcome. Where necessary, we may contact you for further information to assist our investigation.

For standard complaints, a response will be provided to you within 20 business days after we receive your complaint.

Should there be exceptional circumstances causing a delay, we will advise you of the circumstances causing the delay and when we expect the matter to be resolved.

Where your complaint is upheld, we may offer redress such as correction of data, an explanation, an apology or other appropriate remedy.

7.3 If You Are Not Satisfied — External Review 

If you are not satisfied with our response, or we have not resolved your complaint within the applicable timeframe, you may make a complaint to the Office of the Australian Information Commissioner (OAIC).

You can lodge a CDR complaint with the OAIC by:

  • Post: GPO Box 5288, Sydney NSW 2001
  • Fax: 02 6123 5145

 

8. Contact Us

If you have any questions about this CDR Policy, wish to make an enquiry, or want to request a copy of this policy in an accessible format, please contact us:

CDR Enquiries [email protected]
Phone 1300 177 495
Mail ScotPac CDR
GPO Box 9969
Sydney NSW 2000
Website scotpac.com.au/consumer-data-right-policy

9. Availability of This Policy

This CDR Policy is freely and publicly available on the ScotPac website at scotpac.com.au/consumer-data-right-policy. A copy is also available through ScotPac’s mobile application and other online services we ordinarily use to deal with customers.

You may also request a copy of this policy in hard copy or electronic format (such as PDF or Word document) at any time by contacting us using the details in Section 8 above. ScotPac will provide an accessible format upon request.

ScotPac has provided a hyperlink to this CDR Policy to the ACCC in accordance with CDR Rule 5.25.

10. Relationship With Other Policies

This CDR Policy applies specifically to CDR data and ScotPac’s obligations under the CDR regime. It is a separate document to ScotPac’s Privacy Policy, which governs how we handle personal information under the Privacy Act 1988 (Cth) and the APPs.

Where information is both CDR data and personal information (for example, information associated with an individual customer), this CDR Policy and our Privacy Policy each apply to the relevant aspects of that information. ScotPac’s Privacy Policy is available at scotpac.com.au/privacy-policy/.

The privacy safeguards under the CDR system and the APPs under the Privacy Act differ in a number of respects. Consumers should review both policies to understand how their information is managed.

11. Policy Updates

We review this CDR Policy at least annually and publish updates as required. This policy was last updated in July 2026.

If you have any feedback about this policy, please contact us using the details in Section 8.