We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. Our commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way that personal information must be treated.
This policy applies to any person in relation to whom we currently hold, or may in the future collect, personal information. Broadly, we only collect personal information from current and prospective franchisees, customers (being our customers and our franchisees’ customers), subcontractors, agents and suppliers who perform services or provide goods on our behalf and prospective employees.
This policy applies to personal information. In broad terms, ‘personal information’ is information or opinions relating to a particular individual who can be identified.
Information is not personal information where the information cannot be linked to an identifiable individual.
HOW DO WE MANAGE THE PERSONAL INFORMATION WE COLLECT?
We manage the personal information we collect in numerous ways, such as by:
(a) implementing procedures for identifying and managing privacy risks;
(b) implementing security systems for protecting personal information from misuse, interference and loss from unauthorised access, modification or disclosure;
(c) providing staff with training on privacy issues;
(d) appropriately supervising staff who regularly handle personal information;
(e) implementing mechanisms to ensure any agents, suppliers or subcontractors who deal with us comply with the APPs;
(f) implementing procedures for identifying and reporting privacy breaches and for receiving and responding to complaints; and
(g) appointing a privacy officer within the business to monitor privacy compliance.
We will take reasonable steps to destroy or de-identify personal information if that information is no longer needed for the purposes for which we are authorised to use it.
If you want to use a pseudonym or remain anonymous when dealing with us, you should notify us and we will try to accommodate your request, subject to our ability to perform the services.
WHAT KINDS OF INFORMATION DO WE COLLECT AND HOLD?
The personal information we may collect differs, depending on whether you are a current or prospective franchisee, customer, subcontractor, employee agent or supplier.
Personal information (franchisees and prospective franchisees)
If you are a current or prospective franchisee, we may collect and hold personal information about you, which may include:
(a) sensitive information (see below);
(b) your contact details;
(c) financial and credit information;
(d) date of birth;
(e) information in publicly available company records about you;
(f) employment arrangements and history;
(g) insurance information and claims history;
(h) education details; and
(i) any other personal information required to assess your suitability to operate a franchise.
Personal information (customers and prospective customers)
If you are a current or prospective customer, we may collect and hold personal information about you, which may include:
(a) sensitive information (see below);
(b) your contact details;
(c) financial and credit information;
(d) date and place of birth;
(e) information in publicly available company records about you; and
(f) any other personal information required in order for us or our franchisees to provide the goods or services to you.
Personal information (current and prospective subcontractors, agents, suppliers and prospective employees)
3.4 If you are a current or prospective subcontractor, employee, agent or supplier, we may collect and hold personal information about you, which may include:
(a) sensitive information (see below);
(b) contact information;
(c) date of birth;
(d) employment arrangements and history;
(e) insurance information and claims history;
(f) credit information;
(g) licence details;
(h) education details;
(i) driving history;
(j) banking details; and
(k) any other personal information required to engage you as our subcontractor, employee. agent or supplier, or to consider offering you such engagement.
‘Sensitive information’ is a subset of personal information and includes personal information that may have serious ramifications for the individual concerned if used inappropriately.
We may collect sensitive information from and about current and prospective franchisees, customers, subcontractors, employees, agents and suppliers such as:
(a) health information;
(b) criminal history;
(c) membership of professional or trade associations; and
(d) membership of trade unions.
We will not collect sensitive information without the individual’s consent to which the information relates unless permitted under the Privacy Act.
HOW AND WHEN DO WE COLLECT PERSONAL INFORMATION?
Our usual approach to collecting personal information is to collect it directly from the individual concerned.
We may also collect personal information in other ways, such as from:
(b) our employees;
(c) our subcontractors, agents and suppliers;
(d) your current and previous employers;
(e) trade references; and
(f) insurance providers and brokers.
HOW DO WE HOLD PERSONAL INFORMATION?
Our usual approach to holding personal information includes holding that personal information:
(a) physically, at our premises; and
(b) electronically, on secure servers; and
(c) in a private cloud.
We secure the personal information we hold in numerous ways, including:
(a) using security systems to limit access to premises outside of business hours;
(b) using secure servers to store personal information;
(c) using unique usernames, passwords and other protections on systems that can access personal information; and
(d) holding certain sensitive documents securely.
WHY DO WE COLLECT, HOLD, USE OR DISCLOSE PERSONAL INFORMATION?
We take reasonable steps to use and disclose personal information for the primary purpose for which we collect it. The primary purpose for which information is collected varies, depending on the particular service being provided or the individual from whom we are collecting the information but is generally as follows:
(a) in the case of franchisees, subcontractors, employees, agents and suppliers – to effectively franchise the Xtend Barre system in Australia;
(b) in the case of prospective franchisees – to assess your suitability to operate a franchised Xtend Barre studio;
(c) in the case of customers and prospective customers – to provide you, directly or via our franchisees, with goods and services associated with the franchise system and tailor the offerings to customer needs;
(d) in the case of prospective employees, subcontractors, agents and suppliers – to assess your suitability for employment or engagement within the franchise system.
Personal information may also be used or disclosed by us for secondary purposes that are within an individual’s reasonable expectations and that are related to the primary purpose of collection.
We may collect and use customers’ personal information:
(a) to keep records of transactions to assist in future enquiries and enhance our customer relationship with you; and
(b) to send you special offers in relation to our or our franchisees services.
We may collect and use franchisees’, subcontractors’, employees’, agents’ and suppliers’ personal information:
(a) to conduct checks to ensure that the franchisee, subcontractor, employee, agent or supplier can perform and is performing the system services to our standards; and
(b) for payment purposes.
We may disclose personal information to:
(b) subcontractors, our employees, agents and suppliers;
(c) employers of individuals;
(d) government bodies (such as Centrelink);
(e) other service providers in order to provide the services, or to assist our functions or activities (such as our advisers and consultants);
(f) insurance providers and brokers;
(g) credit reporting bodies;
(h) emergency medical professionals; and
(i) any third party technology providers we engage from time to time, such as email filter providers.
Otherwise, we will only disclose personal information to third parties if permitted by the Privacy Act.
WILL WE DISCLOSE PERSONAL INFORMATION OUTSIDE AUSTRALIA?
Because our parent company is incorporated and located in the United States of America, we do disclose personal information outside of Australia.
Apart from disclosure to our parent company, we generally do not disclose personal information outside of Australia apart from our cloud provider and software systems (that have data centres predominantly located in the United States, but may also have data centres internationally). We take reasonable steps to ensure this personal information is handled in a safe and secure manner.
HOW DO WE MANAGE YOUR CREDIT INFORMATION?
What kinds of credit information may we collect?
We generally do not collect credit information about subcontractors, agents, suppliers and employees.
In the course of providing our services to a franchisee or customer, we may collect and hold the following kinds of credit information:
(a) your identification information;
(b) information about any credit that has been provided to you;
(c) your repayment history;
(d) your payment information;
(e) information about your overdue payments;
(f) whether terms and conditions of your credit arrangements with us are varied;
(g) whether any court proceedings are initiated against you in relation to your credit activities;
(h) information about any bankruptcy or debt agreements involving you;
(i) any publicly available information about your credit worthiness; and
(j) any information about you where you may have fraudulently or otherwise committed a serious credit infringement.
We may also collect personal information that may affect a franchisee’s credit worthiness from other credit providers (e.g. trade referees and banks) that themselves may collect that information from credit reporting bodies. The kinds of personal information we collect may include any of those kinds of personal information outlined in section 3.2 of this policy.
How and when do we collect credit information?
In most cases, we will only collect credit information about you directly or from trade referees. However, in the case customers, we may collect this information from our franchisees.
Other sources we may collect credit information from include:
(a) credit reporting bodies;
(b) commercial debt collecting businesses;
(d) banks and other credit providers;
(e) your suppliers and creditors; and
(f) our subcontractors, agents and suppliers.
How do we store and hold the credit information?
We store and hold credit information in the manner outlined in section 5 of this policy.
Why do we collect the credit information?
Our usual purpose for collecting, holding, using and disclosing credit information about you is to enable us to operate the Xtend Barre franchise system and provide the goods and services associated with the system.
We may also collect the credit information to:
(a) process payments; and
(b) assess eligibility for credit.
Overseas disclosure of the credit information
Because our parent company is incorporated and located in the United States of America, we do disclose credit information outside of Australia.
Apart from disclosure to our parent company, other than any information stored in our private cloud or software systems (that have data centres predominantly located in the United States but may also have data centres internationally), we will not disclose your credit information to entities without an Australian link unless you expressly request us to.
How can I access my credit information, correct errors or make a complaint?
You can access and correct your credit information, or complain about a breach of your privacy in the manner set out in section 9 of this policy.
HOW DO YOU MAKE COMPLAINTS OR ACCESS AND CORRECT YOUR PERSONAL OR CREDIT INFORMATION?
It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.
Access to information and correcting personal information
You may request access to the personal information held by us or ask us for your personal information to be corrected by using the contact details in this section.
We will grant you access to your personal information as soon as possible, subject to the request circumstances.
In keeping with our commitment to protect the privacy of personal information, we may not disclose personal information to you without proof of identity.
We may deny access to personal information if:
(a) the request is unreasonable;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person; or
(d) there are other legal grounds to deny the request.
We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed before it is levied.
If the personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
If you want to complain about an interference with your privacy, you must follow the following process:
(a) The complaint must first be made to us in writing, using the contact details in this section. We will have a reasonable time to respond to the complaint.
(b) If the privacy issue cannot be resolved, you may take your complaint to the Office of the Australian Information Commissioner.
Who to contact
A person may make a complaint or request to access or correct personal information about them held by us. Such a request must be made in writing to the following address:
CHANGES TO THE POLICY
This policy is effective from . If you have any comments on the policy, please contact our privacy officer using the contact details in section 9 of this policy.
ABN 55 610 197 307
COLLECTION STATEMENT (INCLUDING CREDIT INFORMATION)
Our primary purpose for collecting information from franchisees, subcontractors, employees, agents and suppliers is to effectively franchise the Xtend Barre system in Australia.
For prospective franchisees, our primary purpose for collecting information is to assess suitability of applicants seeking to operate an Xtend Barre franchise. For prospective employees, subcontractors, agents and suppliers, our primary purpose for collecting information is to assess suitability for employment or engagement.
For customers (being our customers and our franchisees’ customers) and prospective customers, our primary purpose for collecting information is to assist us and our franchisees to provide the goods and services associated with the franchise system.
We may also use or disclose the personal information and credit information we collect for other purposes such as to keep records of transactions to assist in future enquiries, to enhance our relationship with you, or for payment purposes such as payment by us to subcontractors, agents and suppliers, or to facilitate convenient payment between franchisees and customers.
Our usual process of collecting personal information and credit information is to collect the information directly from the individual concerned. We may also collect personal information from other sources, such as from franchisees, employees, subcontractors, agents, suppliers, trade referees, employers, and from insurance providers and brokers. In the case of customers, we will only collect your personal information from other sources if it is necessary to provide you with our services.
We will only collect sensitive information with your consent.
If you do not provide us with your personal information, we may not be able to employ or engage you, or provide you with goods or services associated with the Xtend Barre franchise system.
Your personal information may be disclosed to other entities such as our related entity Xtend Holdings LLC, our franchisees, subcontractors, employees, agents, suppliers, professional advisors, insurance providers and brokers, government bodies (e.g. Centrelink) and emergency medical professionals.
Apart from disclosure to our parent company, Xtend Holdings LLC, located in the United States of America, we do not generally disclose your personal information to overseas recipients, apart from storing some information with private cloud providers and software systems which store data on overseas servers. For example, we use Mindbody Online, Franconnect, myemma, Xero, Quickbooks and Dropbox which we understand store with data centres predominantly located in the United States of America, but may also store information on international servers. We will take all reasonable steps to ensure that these providers use the personal information in a way that is compliant with the Australian Privacy Principles and other relevant privacy laws.
We may also check your credit information with a credit reporting body.
You can request that the credit reporting body not use your information for the purposes of pre-screening for direct marketing by another credit provider. You can also request the credit reporting body not use or disclose credit reporting information about you, if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.
We do not provide your information to credit agencies.