Xtend Barre is committed to protecting the privacy of the personal information it collects and receives.
• the kinds of personal information Xtend Barre collects & holds;
• how Xtend Barre collects and holds your personal information;
• why Xtend Barre collects, holds, uses and discloses your personal information;
• how you may access and seek the correction of your personal information as held by Xtend Barre;
• how you may complain about a breach of the Australian Privacy Principles (APPs) or a registered APP code (if any) that Xtend Barre are bound by, and how Xtend Barre will deal with such a complaint; and
• if Xtend Barre is likely to disclose your personal information to overseas recipients and the countries in which such recipients are likely to be located (if it is practicable to specify those countries in this policy).
2. Your Personal Information
Xtend Barre only collects personal information (being information that identifies or could reasonably identify an individual) where Xtend Barre considers it to be reasonably necessary for Xtend Barre’s functions and activities.
Xtend Barre collects personal information to deliver our products and services to members including the following circumstances:
• processing and managing membership and franchisee applications;
• facilitating members access, including the provision of services at Xtend Barre Outlets;
• conducting marketing activities, research & special offers;
• accurately identifying who is using Xtend Barre’s services;
• communicating with members, franchisees & website visitors to Xtend Barre’s website and online enquiries;
• profiling our members & their interests;
• operating Xtend Barre’s business; and/or
• transferring memberships and making membership services available between outlets.
The types of personal information Xtend Barre collects includes:
• name, age, gender, date of birth & next of kin;
• health information (height, weight, medical conditions);
• license and banking details;
• contact details (including phone, fax and e-mail);
• views and opinions; and
• responses to forms and surveys (if any).
3. Your Sensitive Information
Sensitive information is information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional or trade association, membership of a trade union, details of health, disability, sexual orientation or criminal record.
It is Xtend Barre’s policy to only collect your sensitive information where it is reasonably necessary for Xtend Barre’s functions or activities and either you have consented or Xtend Barre are required or authorised under law to do so.
The types of sensitive information Xtend Barre generally collects includes information relating to health issues that is necessary to properly tailor exercise programs to customers and related services. The types of health related information include: medical history, whether individuals are using medication, are pregnant and other health related information.
4. How Xtend Barre collects your personal information
Xtend Barre will solicit your personal information by lawful and fair means directly from you unless it is unreasonable or impracticable to do so.
Xtend Barre will collect directly personal information:
• by email;
• over the telephone (including calls and SMS);
• via social media and over the internet (including surveys);
• by written correspondence (such as letters, faxes);
• on hard copy forms (including registration forms, application forms, competition entry forms and surveys);
• in person;
• through the Xtend Barre website (online purchases, web form submission or participation in a live chat);
• electronic systems such as applications; and
• through Xtend Barre’s security surveillance cameras.
Xtend Barre may collect information from third parties including:
• market researchers & direct marketing providers;
• parents or guardians of underage members;
• our current members (refer a friend);
• the Australian Tax Office (ATO) and the Australian Securities and Investment Commission (ASIC); and
• public sources (directories, membership lists, professional and trade associations, ASIC, bankruptcy or court registry searches).
5. Unsolicited personal information
Unsolicited personal information is personal information Xtend Barre receives that Xtend Barre has taken no active steps to collect (such as a job application sent to Xtend Barre by an individual on their own initiative, rather than in response to an advertisement).
Xtend Barre may keep records of unsolicited personal information if the information is reasonably necessary for one or more of Xtend Barre’s functions or activities. If not, it is Xtend Barre’s policy to destroy the unsolicited information or ensure that the information is de-identified, provided it is lawful and reasonable to do so.
6. Using your personal information
The main purposes for which Xtend Barre collects, holds, uses and discloses personal information are to provide services and benefits to members, and to grow Xtend Barre’s membership.
Xtend Barre can use your information to:
• process applications for memberships, franchisees & prospective franchisees;
• understand Xtend Barre members’ needs and requirements;
• manage & run Xtend Barre’s website & social media platforms;
• provide you with information about Xtend Barre’s services;
• delivering or enhancing Xtend Barre’s products and services;
• help Xtend Barre maximise the benefits provided to members;
• any other purpose directly related to Xtend Barre’s business and for which you have provided consent (where it is reasonably required by law).
Xtend Barre’s website requires subscriptions or registrations to use certain services, functions or content. You will know what information is being collected via these processes when you complete the relevant forms and provide the required details prior to submitting the application. Xtend Barre will collect data relating to any transactions you carry out through Xtend Barre’s website and the fulfilment of your order.
Xtend Barre may also use your data to monitor for any unauthorised use of Xtend Barre’s website, content or subscriptions to Xtend Barre’s services.
7. Purpose of collection
If Xtend Barre collects personal information for a purpose (the primary purpose), Xtend Barre will not use or disclose the information for any other purpose (the secondary purpose) unless:
you would have consented to the use or disclosure of your personal information; or in relation to the use or disclosure of your personal information:
• you would reasonably expect Xtend Barre to use or disclose your information for the secondary purpose and the secondary purpose is directly related to the primary purpose (sensitive information) or related to the primary purpose (not sensitive information);
• use or disclosure is required or authorised under Australian law or a court/tribunal;
• a permitted situation exists in relation to Xtend Barre’s use or disclosure of the information;
• a permitted health situation exists in relation to use or disclosure of the information; or
• Xtend Barre reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
If Xtend Barre uses or discloses your information because Xtend Barre reasonably believes that the use or disclosure of your information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body, Xtend Barre will make a written note of the use or disclosure.
8. Do you have to provide personal information?
You can refuse to provide personal information. However, refusal may mean that the service you requested is not provided or membership will be refused or forfeited.
9. Sharing your personal information
Xtend Barre may use and disclose personal information for related purposes to third parties. Types of organisations to whom Xtend Barre may disclose your personal information includes:
• Xtend Barre’s master franchisor;
• government bodies such as ATO, ASIC, Australian Prudential Regulatory Authority and the police or courts (as required by law);
• various law enforcement agencies and governments for security, customs and immigration purposes;
• banking service providers;
• rewards partner program providers;
• Xtend Barre contracted service providers including:
• information technology service providers;
• planning research and development providers;
• conference organisers;
• marketing and communications agencies;
• freight and courier services;
• debt collectors and banks; and
• external advisers (recruiters, auditors & lawyers).
Xtend Barre does not rent, sell or exchange your personal information to third parties without your prior approval.
10. Government Identifiers
Xtend Barre does not adopt, use or disclose government related identifiers (such as a Medicare number or licence number) as Xtend Barre’s own identifier for you unless:
• it’s required/authorised by law or court/tribunal order;
• it’s reasonably necessary to verify your identity;
• it’s reasonably necessary to fulfil Xtend Barre’s obligations; or
• Xtend Barre reasonably believes it is reasonably necessary for one or more enforcement related activities.
To improve Xtend Barre’s services, Xtend Barre may sometimes collect de-identified information from web users. The information collected does not identify an individual but does help Xtend Barre to analyse and improve its web services.
When you visit Xtend Barre’s website, a record of your visit may be logged and the following data may be supplied by your browser:
• your IP address and/or domain name;
• your operating system (type of browser & platform);
• the date, time and length of your visit; and
• the resources you accessed or downloaded.
Xtend Barre uses this information to customise the website for visitors and to collect data for analysis, quality control, administration and improving the website. It is not used for any other purpose. Aggregated data may be shared with third parties.
You can stop your browser from accepting new cookies or disable cookies altogether by changing your browser preferences.
12. Links to other websites
Links to third party websites that Xtend Barre does not operate or control are provided for your convenience. Xtend Barre is not responsible for the privacy or security practices of those websites. Third party websites should have their own privacy and security policies which Xtend Barre encourages you to read before supplying any personal information to them.
13. Direct Marketing
If Xtend Barre holds your information, Xtend Barre may use or disclose that information (other than sensitive information) for direct marketing if:
• Xtend Barre collected the information from you; and
• you would reasonably expect Xtend Barre to use or disclose the information for that purpose; and
• Xtend Barre provided you with a simple way to opt out of receiving direct marketing from Xtend Barre; and
• you have not made such an opt out request to Xtend Barre.
Xtend Barre may also use or disclose your information (other than sensitive information) for direct marketing if:
Xtend Barre collected the information from you and you would reasonably expect Xtend Barre to use or disclose the information for that purpose; and
• you have consented to the use or disclosure of the information for that purpose; or
• it is impracticable to obtain that consent; or
• Xtend Barre provided you with a simple way to opt out of receiving direct marketing from Xtend Barre; and
• in each direct marketing communication with you:
• Xtend Barre includes a prominent statement that you can request to opt out; or
• Xtend Barre otherwise draw your attention to the fact that you can request to opt out; and
• you have not made such a request to Xtend Barre.
Xtend Barre can use or disclose your sensitive information for the purpose of direct marketing if you have consented to the use or disclosure of that information for direct marketing.
If Xtend Barre has collected the personal information that Xtend Barre used to send you direct marketing material from a third party, you can ask Xtend Barre to notify you of its source of information. It is Xtend Barre’s policy to do so unless it is unreasonable or impracticable.
14. How to opt out of direct marketing
If Xtend Barre uses or discloses your personal information for the purpose of direct marketing, you may request not to receive direct marketing communications from Xtend Barre.
If Xtend Barre uses or discloses your personal information for the purpose of facilitating direct marketing by other organisations, you may request that Xtend Barre does not use or disclose your information for this purpose.
Xtend Barre will give effect to your request not to receive direct marketing from Xtend Barre or an entity facilitated by Xtend Barre free of charge within a reasonable time after the request is made.
15. Collection Notices
At or before the time of collection of personal information from you, or as soon as practicable afterwards, Xtend Barre will take reasonable steps to notify you or to otherwise ensure that you are aware of certain matters. Xtend Barre will generally include these matters in a collection notice. For example, where personal information is collected on a paper or website form, Xtend Barre will include a collection notice, or a clear link to it, on the form or a separate follow up communication.
16. Protecting your personal information
Xtend Barre stores information in different ways, including paper and electronic form. Xtend Barre takes reasonable steps to protect it from misuse, interference, loss, unauthorised access, modification or disclosure including:
• secure password protected databases for storage;
• confidentiality requirements of staff;
• servers kept at a secure location with limited access;
• document storage security requirements;
• granting access only to verified individuals;
• access controls for Xtend Barre’s buildings;
• limited the provision of personal information to third parties and subject to guarantees about use; and
• training staff to deal with the information.
Xtend Barre cannot guarantee that personal information will be protected against unauthorised access or misuse and Xtend Barre does not accept any liability for the improper actions of unauthorised third parties.
Xtend Barre will retain your personal information for as long as necessary to fulfil Xtend Barre’s obligations to you, to protect its legal interests, to comply with laws or as otherwise stated to you when Xtend Barre collects your personal information.
Once Xtend Barre is no longer required to retain your personal information, Xtend Barre will take reasonable steps to destroy your personal information or to ensure that your personal information is de-identified.
17. Disclosing your personal information overseas
Xtend Barre may disclose your personal information to other third party service providers operating outside Australia who work with Xtend Barre or one of Xtend Barre’s suppliers, related companies, agents, or partners, or its master franchisor. Xtend Barre may also store your personal information on servers based overseas or in the “cloud” or other types of networked or electronic storage.
Before disclosing your personal information to an overseas third party, Xtend Barre will first take reasonable steps to ensure that the overseas recipient:
• does not breach the APPs in relation to your personal information; or
• the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting your personal information in a way that is substantially similar to the way in which the APPs protect the information.
Personal information may be disclosed by Xtend Barre to other Xtend Barre entities and third parties in jurisdictions including Australia, Canada and the United States of America.
You acknowledge and understand that by providing such consent:
• Xtend Barre will not be required to take steps as are reasonable in the circumstances to ensure that such third parties comply with the APPs.
• If the overseas recipient handles your personal information in breach of the APPs: Xtend Barre will not be liable under the Act; and you will not be able to seek redress under Act.
• The overseas recipient may not be subject to any privacy law or principles similar to the APPs.
• You may be unable to seek redress overseas
• The overseas recipient may be subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority.
If you withdraw consent, Xtend Barre will not rely on this consent when dealing with your personal information going forward.
You have the option of not identifying yourself or using a pseudonym when dealing with Xtend Barre provided that is it lawful and practicable.
Xtend Barre will try to accommodate a request for anonymity if possible. However, your right to anonymity does not apply in relation to a matter if: Xtend Barre is required/authorised by law or court/tribunal order to deal with identified individuals; or it is impracticable for Xtend Barre to deal with individuals who have not identified themselves.
It is Xtend Barre’s policy to enable you to access Xtend Barre’s website and make general phone queries without having to identify yourself and to enable you to respond to Xtend Barre’s surveys anonymously.
In some cases however, if you don’t provide Xtend Barre with your personal information when requested, Xtend Barre may not be able to respond to your request or provide you with service. For example, you must identify yourself to become a Xtend Barre member or franchisee.
19. Accessing to your personal information
You have the right, upon request, to access any of Xtend Barre’s records containing your personal information.
To request access to your personal information please contact the Privacy Officer. Xtend Barre will respond to your request to access your personal information within a reasonable period of time.
On the basis that it is reasonable and practicable to do so, Xtend Barre will give you access to the information requested.
If Xtend Barre refuses your request to access personal information, Xtend Barre will provide a written notice setting out the reasons for the refusal & how you can complain about the refusal.
Reasons for a refusal may include if it:
• poses a serious threat to the life, health or safety;
• would have unreasonable impact on privacy of others;
• is frivolous or vexatious;
• relates to legal proceedings;
• reveals Xtend Barre’s intentions or prejudices any negotiations;
• would be unlawful;
• is required or authorised by law or court/tribunal order;
• is likely to prejudice enforcement related activities; or
• relates to a commercially sensitive decision process.
When you make a request to access personal information, Xtend Barre will require you to provide some form of identification (such as a driver’s licence or passport) so Xtend Barre can verify that you are the person to whom the information relates.
20. Help Xtend Barre keep your personal information accurate
Xtend Barre will take reasonable steps to ensure Xtend Barre’s records of personal information are accurate, up to date and complete.
However, the accuracy of information depends to a large extent on the information you provide. If you do not give Xtend Barre all the personal information Xtend Barre may require, or the personal information provided is inaccurate or incomplete, then the products, services and information Xtend Barre provide may be affected.
If you think there is something wrong with the information Xtend Barre holds about you please contact the Privacy Officer to:
• let Xtend Barre know if there are any errors; and
• keep Xtend Barre up-to-date with any changes,
• and Xtend Barre will try to correct your personal information.
Xtend Barre will respond to your request to correct your personal information free of charge and in a reasonable period of time. If Xtend Barre refuses your request, Xtend Barre will provide you with a written notice setting out the reasons for the refusal and mechanisms available to complain about the refusal.
If Xtend Barre refuses to correct your personal information, you may request that Xtend Barre associate your information with a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading. Xtend Barre will take reasonable steps to make the statement visible to users of your personal information.
If Xtend Barre does correct your personal information and Xtend Barre has previously disclosed your personal information to a third party, upon your request, Xtend Barre will notify that third party of the correction unless it is impracticable or unlawful to do so.
21. Dealing with SPAM and Do Not Call register
Xtend Barre will not send you any commercial electronic messages unless it is permitted by the Spam Act (e.g., Xtend Barre has your express/inferred consent). Any commercial electronic message that Xtend Barre sends will identify Xtend Barre as the sender and will include relevant contact details and an unsubscribe facility. If you do not wish to receive commercial electronic messages from Xtend Barre, please contact the Privacy Officer.
Xtend Barre will not call you on a number on the Do Not Call Register unless permitted under the Do Not Call Register Act & related instruments. If you don’t wish Xtend Barre to call you on a particular number, please contact the Privacy Officer.
22. Resolving your privacy issues
If you have any issues you wish to discuss with Xtend Barre or if you’re concerned about how Xtend Barre has collected or managed your personal information please contact the Privacy Officer.
For information about privacy or if your concerns are not resolved, contact the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992.
24. Xtend Barre privacy officer
Xtend Barre’s privacy officer can be contacted at:
Email: [email protected]
Telephone: 02 9415 5360
Post: Level 2, 71 Longueville Road, Lane Cove NSW 2066
Updated 18 October 2017