Published by: Digital Animals Agency Pty Ltd (ACN: 668 300 758 / ABN: 71 668 300 758)
Platform: RealSync (a product of Digital Animals Agency Pty Ltd)
Effective date: 13 April 2026
Last updated: 13 April 2026
Overview
This Consumer Data Right (CDR) Policy explains how Digital Animals Agency Pty Ltd (ACN: 668 300 758) (“we”, “us”, “our”) manages data under the Consumer Data Right framework established by the Competition and Consumer Act 2010 (Cth) and the Privacy Act 1988 (Cth). RealSync is a platform and brand name operated by Digital Animals Agency Pty Ltd.
RealSync operates as a CDR Representative of Fiskil Pty Ltd, which is an Accredited Data Recipient (ADR) under the CDR regime. This means that when you use RealSync BankFlow to connect your bank account, Fiskil facilitates the collection and transfer of your CDR data to us on your behalf, and only with your explicit consent.
This policy covers the 13 CDR Privacy Safeguards and explains your rights as a consumer under the CDR framework.
This policy should be read alongside our Privacy Policy at https://realsync.cloud/privacy-policy, which explains how we handle personal information more broadly.
1. Who We Are
| Legal entity | Digital Animals Agency Pty Ltd |
| ACN | 668 300 758 |
| ABN | 71 668 300 758 |
| Platform / Brand | RealSync |
| CDR role | CDR Representative of Fiskil Pty Ltd |
| Accredited Data Recipient (ADR) | Fiskil Pty Ltd |
| Website | https://realsync.cloud |
| Registered address | 409 Waverley Road, Malvern East VIC 3145 |
| CDR / Privacy enquiries | privacy@realsync.com.au |
2. What CDR Data We Access
When you use RealSync BankFlow and provide your consent, Fiskil Pty Ltd — as the Accredited Data Recipient — collects the following types of CDR data from your bank on your behalf and provides it to us:
Banking data:
- Account details (account name, BSB, account number, account type, account status)
- Transaction details (transaction date, amount, description, status — pending or posted, incoming and outgoing)
- Balance details (current balance, available funds)
We access only the data types that are necessary to provide the RealSync BankFlow bank-to-order matching service. We do not request access to data that is not needed for this purpose.
3. Why We Collect CDR Data — Purpose and Use
We collect your CDR data for one specific purpose only:
To provide the RealSync BankFlow service — matching your incoming bank deposit transactions to the corresponding ecommerce orders within your connected ecommerce platform, and automatically or semi-automatically updating the order payment status from pending to paid.
We will not use your CDR data for any purpose other than this stated purpose without your explicit, separate consent.
Specifically, we will not use your CDR data for:
- Direct marketing (to you or any third party)
- Credit or lending assessments
- Profiling or analytics beyond what is needed to deliver the BankFlow matching service
- Developing or training machine learning models in any way that identifies or relates to you personally
- Selling, licensing, or otherwise providing your data to third parties for their own purposes
4. CDR Privacy Safeguards
The following sections address each of the 13 CDR Privacy Safeguards as they apply to RealSync and our use of your CDR data.
Safeguard 1 — Open and transparent management of CDR data
We manage CDR data openly and transparently. This CDR Policy is published on our website and is freely accessible to all consumers. We will update this policy when our practices change and will notify you of material changes.
If you have any questions about how we handle your CDR data, you can contact us at any time at privacy@realsync.com.au.
Safeguard 2 — Anonymity and pseudonymity
Where it is lawful and practicable to do so, you may interact with us using a pseudonym or without identifying yourself. However, because the RealSync BankFlow service requires matching your bank transactions to your specific ecommerce account and orders, we need to be able to identify you and your accounts to deliver the service. Anonymous use of RealSync BankFlow is therefore not practicable.
Safeguard 3 — Collection of CDR data that is solicited
We only collect CDR data that you have explicitly consented to share with us through the consent process facilitated by Fiskil Pty Ltd. We collect CDR data only when it is reasonably necessary for the delivery of the RealSync BankFlow service.
We do not collect CDR data that is excessive relative to the purpose for which it is needed, and we do not collect CDR data without your consent.
Safeguard 4 — Dealing with unsolicited CDR data
If we receive CDR data that we did not solicit (for example, if we are accidentally provided data relating to an account or person we did not request), we will assess whether we could have lawfully collected that data under the CDR rules.
If we could not have lawfully collected it, we will destroy or de-identify that data as soon as practicable and will not use or disclose it.
Safeguard 5 — Notification of the collection of CDR data
At the time you provide consent to share your CDR data, we will inform you (through our consent flow, facilitated by Fiskil):
- What CDR data is being collected
- The purpose for which it is being collected
- How long it will be held
- Your rights to access, correct, and withdraw consent
- How to make a complaint
This notification is provided before you give consent, not after.
Safeguard 6 — Use or disclosure of CDR data
We will only use or disclose your CDR data for the purpose for which it was collected — the RealSync BankFlow bank-to-order matching service — unless:
- You have given separate, explicit consent to a different use or disclosure
- The use or disclosure is required or authorised by Australian law
- The use or disclosure is necessary to prevent a serious threat to life, health, or safety
We do not disclose your CDR data to any third party for their independent commercial purposes.
Safeguard 7 — Use or disclosure of CDR data for direct marketing
We will not use your CDR data for direct marketing under any circumstances, unless you have given us explicit, separate consent specifically for that purpose.
You may withdraw consent for direct marketing at any time, and withdrawal of direct marketing consent does not affect your ability to use the RealSync BankFlow service.
Safeguard 8 — Cross-context use of CDR data
We will not use your CDR data in a context other than the one in which you provided consent (the RealSync BankFlow bank-to-order matching service) without obtaining fresh consent from you that is specific to that new context.
Safeguard 9 — Integrity and correction of CDR data
We take reasonable steps to ensure that the CDR data we hold is accurate, up to date, complete, and not misleading.
If you believe that CDR data we hold about you is inaccurate, incomplete, or out of date, you may contact us at privacy@realsync.com.au to request a correction. We will respond within 30 days and will take reasonable steps to correct the data or, if we disagree that a correction is warranted, we will explain our reasons in writing.
Safeguard 10 — Security of CDR data
We take reasonable steps to protect CDR data from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:
- Encrypted data transmission (TLS/HTTPS) for all data in transit
- Encryption of sensitive data at rest
- Role-based access controls — CDR data is accessible only to the system processes and staff roles that require it to deliver the service
- Regular security monitoring, logging, and review
- Data hosted in Australian-based cloud infrastructure
In the event of a data breach involving CDR data, we will notify the affected consumer and the relevant regulators (the OAIC and the ACCC) as required by the CDR rules and the Notifiable Data Breaches scheme.
Safeguard 11 — Access to CDR data by the consumer
You have the right to request access to the CDR data we currently hold about you. To make an access request, please contact us at:
Email: privacy@realsync.com.au
Subject line: CDR Data Access Request
We will respond within 30 days. Note that because we operate under a data minimisation model and delete CDR data promptly once it is no longer needed, the data we hold at any given time will reflect your current and recent transactions only.
Safeguard 12 — Correction of CDR data
If you believe that CDR data we hold is inaccurate, incomplete, out of date, or misleading, you may request a correction at any time. Please contact us at privacy@realsync.com.au.
We will acknowledge your correction request within 5 business days and advise whether the correction has been made or, if not, explain why. If we decline to make the correction, you may request that we associate a statement with the data noting that you consider it inaccurate.
Safeguard 13 — Complaints about CDR data
If you have a complaint about how we have handled your CDR data, please follow the complaints process set out in Section 7 of this policy.
5. Consent Management
How we obtain consent
Consent to share your CDR data with RealSync is obtained through the consent flow managed by Fiskil Pty Ltd, our Accredited Data Recipient. Before you provide consent, you will be clearly informed of:
- The specific data types being requested
- The purpose for which your data will be used
- The duration of the consent (up to 12 months)
- Your right to withdraw consent at any time
Consent is never implied, bundled with other terms, or pre-ticked. You must take an active, affirmative step to grant consent.
Duration of consent
Your consent to share CDR data may last for a maximum of 12 months. Before the 12-month period expires, you will be notified and given the opportunity to renew your consent or allow it to expire. If you do not actively renew consent, it will automatically expire.
Withdrawing consent
You may withdraw your consent at any time. You can do this by:
- Using the consent management dashboard within the RealSync BankFlow platform
- Contacting Fiskil Pty Ltd via their consent management tools
- Contacting us directly at privacy@realsync.com.au
When you withdraw consent, we will stop collecting your CDR data immediately. Any CDR data we currently hold that is no longer required for the service will be deleted in accordance with Section 6 (Data Deletion) of this policy.
Withdrawing consent may affect our ability to continue providing the RealSync BankFlow service to you, as the service relies on access to your bank transaction data.
Consent notifications
You will receive notifications in relation to your consent in the following circumstances:
- When you grant consent
- Every 90 days, confirming the data you are sharing and the expiry date of your consent
- When your consent is about to expire
- When you amend, withdraw, or when your consent expires
These notifications are mandatory and cannot be opted out of.
6. Data Minimisation and Deletion
We are committed to the principle of data minimisation — we collect and retain only the CDR data that is necessary to provide the RealSync BankFlow service, and only for as long as it is needed.
What data we hold and for how long
- Active service period: During your active use of RealSync BankFlow, we hold your CDR data to enable transaction matching. We access transaction data for the period you have authorised.
- After consent withdrawal or expiry: We will delete all CDR data that is no longer required for the service within a reasonable period following the withdrawal or expiry of consent — and in any event within the timeframes required by the CDR rules.
- Compliance records: We are required by the CDR rules to retain certain records (such as consent records and audit logs) for up to 6 years. These records do not contain your substantive CDR data (transaction details, account information) but rather records of consent and data handling activities.
Deletion of redundant CDR data
CDR data becomes redundant when:
- Your consent expires or is withdrawn
- The data has been used to complete the matching purpose for which it was collected and is no longer required
- You close your RealSync account
When CDR data becomes redundant, we will irretrievably destroy it. We will not retain redundant CDR data for secondary purposes.
7. Complaints — CDR Data
If you have a concern or complaint about how we have handled your CDR data, we take this seriously and want to resolve it promptly.
Step 1 — Contact us directly
Email: privacy@realsync.com.au
Subject line: CDR Privacy Complaint
Please include your name, contact details, the nature of the complaint, and any relevant dates or details. We will:
- Acknowledge your complaint within 5 business days
- Aim to resolve the complaint within 30 days
- Notify you if the complaint is complex and requires additional time
Step 2 — Contact the OAIC
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC), which regulates the privacy aspects of the CDR:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- Mail: GPO Box 5218, Sydney NSW 2001
Step 3 — Contact the ACCC
For complaints relating to other aspects of the CDR framework (beyond privacy), you may also contact the Australian Competition and Consumer Commission (ACCC):
- Website: www.accc.gov.au
- Phone: 1300 302 502
Step 4 — External Dispute Resolution
For financial disputes, you may contact the Australian Financial Complaints Authority (AFCA):
- Website: www.afca.org.au
- Phone: 1800 931 678 (free call)
- Email: info@afca.org.au
- Mail: GPO Box 3, Melbourne VIC 3001
8. Our CDR Representative Relationship with Fiskil
RealSync operates as a CDR Representative of Fiskil Pty Ltd. This means:
- Fiskil Pty Ltd, as the Accredited Data Recipient, is responsible for the collection of your CDR data from your bank
- We, as the CDR Representative, receive that data from Fiskil and use it solely to deliver the RealSync BankFlow service under your consent
- We operate in accordance with Fiskil’s CDR accreditation obligations and the CDR rules applicable to CDR Representatives
- Fiskil’s CDR Policy is available at https://www.fiskil.com/legal/cdr-policy
We remain responsible for how we handle your CDR data once it is provided to us by Fiskil, and this CDR Policy governs that handling.
9. Data Storage Location
All CDR data we hold is stored in Australia. We do not transfer CDR data outside of Australia.
10. Changes to This Policy
We may update this CDR Policy from time to time to reflect changes in our services, the CDR framework, or applicable law. When we make material changes, we will notify you via email or through a notice within the Platform, and update the “Last updated” date at the top of this policy.
11. Contact Us
For any questions, requests, or concerns relating to this CDR Policy or your CDR data, please contact us at:
Digital Animals Agency Pty Ltd
Email: privacy@realsync.com.au
Website: https://realsync.cloud
This policy is published by Digital Animals Agency Pty Ltd (ACN: 668 300 758 / ABN: 71 668 300 758). RealSync is a platform and brand name operated by Digital Animals Agency Pty Ltd, operating as a CDR Representative of Fiskil Pty Ltd.
