Privacy Policy for XL.Today™

    • Background
      1. General

        XL Today Pty Ltd (ACN 009 571 224) (XL Today) is an Australian proprietary company limited by shares. XL Today is committed to protecting your privacy, in accordance with applicable Australian privacy laws.

        In this Privacy Policy, “we” and “us” refers to XL Today and “you” refers to any individual about whom we collect personal information.

        This Policy is designed to give you a greater understanding of how we collect, use, disclose and otherwise handle personal information.

        This Policy applies to visitors and users of this website and our subscription services, which is operated by XL Today under the domain name ‘’. By using our website or our subscription services (including our associated applications), you communicate your acceptance of this Privacy Policy. If you do not agree to this Policy, please do not use our website or our subscription service.

        We reserve the right to modify, alter or otherwise update this Privacy Policy at any time.

        A copy of this Privacy Policy is available on our website at /privacy, or you can request a copy by contacting our Privacy Officer (details under heading 11 below).

      2. What is personal information?

        Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

      3. Employee records

        We are generally exempt from the Privacy Act when we collect and handle employee records and this Privacy Policy does not apply to that information. However, where State or Territory health privacy legislation applies, we are still required to protect the privacy of employee health information. This Privacy Policy will apply in those circumstances.

    • What we collect

      XL Today collects information under the direction of its customers, and has no direct relationship with individuals who provide Personal Information to our customers. Our customers control and are responsible for correcting, deleting or updating information they have collected from you using the subscription service.

      We are not responsible for our customers’ use of information they collect on the subscription service. If you are a customer of one of our customers and would no longer like to be contacted by one of our customer that use our subscription service, please contact the customer that you interact with directly.

      1. General

        The type of personal information that we collect about you depends on the type of dealings you have with us. For example, if you:

        subscribe to use our services, we will collect your name, contact details, business address and details of what you supply through your business

        subscribe to use our customer’s services, our customer will collect your name, address, purchases history and preferences, age and gender

        send us an enquiry or provide us with feedback, we may collect your name, contact details, details of your enquiry or feedback and information about our response

        apply for a job with us, we will collect the information you include in your job application, including your cover letter, resume, contact details and referee reports

        enter into any promotions, competitions or special offers, we will collect the information you provide when submitting your entry

      2. Sensitive information

        Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection, such as health information. We only collect sensitive information where it is reasonably necessary for our functions or activities and either:

        the individual has consented; or

        we are required or authorised by or under law (including applicable privacy legislation) to do so.

      3. Collection of information other than personal information through our website

        When you visit our website, some of the information that is collected about your visit is not personal information, as it does not reveal your identity.

        Site visit information

        For example, we record your server address, the date and time of your visit, the pages you visited, any documents you downloaded, the previous site you visited and the type of device, browser and operating system you used.

        We use and disclose this information in anonymous, aggregated form only, for purposes including statistical analysis and to assist us to improve the functionality and usability of our website. You are not individually identified, however we reserve the right to use or disclose this information to try to locate an individual where we reasonably believe that the individual may have engaged in any unlawful or inappropriate activity in connection with our website, or where we are otherwise required or authorised by law to do so.


        A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use do not identify individual users, although they do identify the user’s internet browser.

        We use cookies to hold anonymous session information. This information is used to personalise your current visit to the website, for example to allow the website to remember who you are by keeping server variables linked to your session.

        We only use non-persistent cookies. That is, they are held on your browser’s memory only for the duration of your session. Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website.

        Online Behavioural Advertising

        We use advertising programs that place cookies on your computer to collect information about your browsing history (including on external websites). This information, which does not identify you personally, is collected in order to improve your online experience by customising the advertising you see to your interests (including the display of more relevant ads on external websites). You can opt out of these programs at any time by clicking here.

      4. What if you don’t provide us with your personal information?

        In some cases, if you don’t provide us with your personal information when requested, we may not be able to provide you with the product or service that you are seeking. For example, you must identify yourself to register as a user of our services or purchase our products.

    • How we collect personal information
      1. Methods of collection

        We collect personal information in a number of ways, including:

        directly from you in person (for example, such as at conferences and events])

        through our website (for example, by making an online enquiry or registering to use our services)

        through our customers (for example, when you have registered your interest in our customer’s goods or services and interact with our customer)

        over the telephone

        through written correspondence (such as letters, faxes and emails)

        on hard copy forms (for example, competition entry forms and surveys)

        Xl Today also collects and uses personal information for market research purposes and to innovate our delivery of products and services.

      2. Collection notices

        Where we collect personal information about you, we will take reasonable steps to provide you with certain details about that collection (such as why we are collecting the information and who we may share it with). We will generally include this information in a collection notice.

        Collection notices provide more specific information than this Privacy Policy. The terms of this Privacy Policy are subject to any specific provisions contained in collection notices and in the terms and conditions of particular offers, products and services. We encourage you to read those provisions carefully.

      3. Unsolicited information

        Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).

        We may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

    • Why we collect personal information

      The main purposes for which we collect, hold, use and disclose personal information are set out below.

      to provide and improve our services to you

      to help us better understand your needs including by sending information to you which we think may be of interest to you by post, email, or other means

      send you marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you

      processing payments

      promoting ourselves and our customer’s products and services, including through direct marketing, events and competitions

      performing research and statistical analysis, including for customer satisfaction and service improvement purposes

      answering queries and resolving complaints

      recruiting staff and contractors

      We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or:

      which are required or authorised by or under law (including, without limitation, privacy legislation); and

      for which you have provided your consent.

      1. Direct marketing

        We may use your personal information to let you know about us and our products and services (including promotions, special offers and events) , either where we have your express or implied consent, or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS, telephone or social media (Facebook, Instagram and twitter)

        Opting out

        Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, by:

        contacting us (details under heading 11 below);

        advising us if you receive a marketing call that you no longer wish to receive these calls

        using the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSes)

        Notification of source

        If we have collected the personal information that we use to send you marketing communications from a third party (for example a direct mail database provider), you can ask us to notify you of our source of information, and we will do so, unless this would be unreasonable or impracticable.

    • Who we may share your personal information with

      We may share your personal information with third parties where appropriate for the purposes set out under heading 4, including:

      financial institutions for payment processing

      referees whose details are provided to us by job applicants

      our contracted service providers, including:

      sales teams

      product vendors

      delivery and shipping providers

      information technology and data storage providers

      function and event organisers

      marketing and communications agencies

      research and statistical analysis providers

      call centres

      mail houses

      external business advisers (such as recruitment advisors, auditors and lawyers) In each case, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.

    • Cross border disclosure of personal information

      We work with service providers, customers and commercial interests across the globe. It is likely that we will disclose personal information to third parties located overseas in the following countries:
      United States of America, United Kingdom and Canada
      In each case, we will comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information.

    • Use of government related identifiers

      We will not:

      use a government related identifier of an individual (such as a Medicare number or driver’s licence number) as our own identifier of individuals; or

      otherwise use or disclose such a government related identifier,

      unless this is permitted by the Privacy Act (for example, use of an identifier to verify an individual’s identity or uses or disclosures required or authorised by or under an Australian law).

    • Data quality and security
      1. General

        We hold personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in locked drawers and cabinets. We take reasonable steps to:

        make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;

        protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and

        destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs.

        You can help us keep your information up to date, by letting us know about any changes to your details, such as your address, email address or phone number.

      2. Security

        The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises, policies on document storage and security, personnel security (including restricting access to personal information on our systems to staff who need that access to carry out their duties), staff training and workplace policies.

        Online credit card payment security

        We process payments using EFTPOS and online technologies. All transactions processed by us meet industry security standards to ensure payment details are protected.

        Website security

        While we strive to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post (details under heading 11 below).

        If you are a registered user of our website, you can also help to protect the privacy of your personal information by maintaining the confidentiality of your username and password and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.

        Third party websites

        Links to third party websites (including those of our customer’s) that are not operated or controlled by us are provided for your convenience. We are not responsible for the privacy or security practices of those websites, which are not covered by this Privacy Policy. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.

    • Access and Correction
      1. General

        Please contact our Privacy Officer (details under heading 11 below) if you would like to access or correct the personal information that we hold about you. We may require you to verify your identity before processing any access or correction requests, to make sure that the personal information we hold is properly protected.

      2. Access

        We will generally provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (eg by providing photocopies or allowing a file to be viewed), provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.

      3. Correction

        If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.

        If we correct personal information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity. If so, we will take reasonable steps to do so, unless this would be impracticable or unlawful.

      4. Timeframe for access and correction requests

        Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.

      5. What if we do not agree to your request for access or correction?

        If we do not agree to your access or correction request, or if we do not agree to give you access in the manner you requested, we will provide you with a written notice setting out:

        the reasons for our decision (except to the extent that, having regard to the grounds for refusal, it would be unreasonable to do so); and

        available complaint mechanisms.

        In addition, if we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to do this in such a way that will make the statement apparent to users of the information.

    • Complaints

      If you have a complaint about how we have collected or handled your personal information, please contact our Privacy Officer (details under heading 11 below).

      Our Privacy Officer will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week. If your complaint can’t be resolved at the first instance, we will ask you to complete a Privacy Complaint Form, which asks you to explain the circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how you believe your complaint should be resolved.


      Complaints process

      We will endeavour to acknowledge receipt of the Privacy Complaint Form within 5 business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the relevant facts, locating and reviewing relevant documents and speaking to relevant individuals.

      In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of the Privacy Complaint Form . If the matter is more complex and our investigation may take longer, we will write and let you know, and tell you when we expect to provide our response.

      If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (see here for further information) or, in some instances, other regulatory bodies, such as the Victorian Health Services Commissioner (see here) or the Australian Communications and Media Authority (see here).
    • Our contact details

      Please contact us if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details are set out below.

      Mail: Privacy Officer, Suite 301, 448 St Kilda Rd, Melbourne VIC 3004


      Telephone: +61 3 8686 3355
      Further general information about privacy is available on the website of the Office of the Australian Information Commissioner at or by calling the OAIC’s enquiry line at 1300 363 992.

    • Changes to this Policy

      We may amend this Privacy Policy from time to time. The current version will be posted on our website and a copy may be obtained by contacting our Privacy Officer (details above).