PRIVACY POLICY

Compliance with Privacy Obligations

  1. CWG XB Pty Ltd (ACN 621 963 504) (‘XTEND’) and its related bodies corporate (collectively referred to as XTEND or our or we) is a health and fitness group granting rights to third party licensees for boutique fitness studios (Services).
  2. XTEND values its customers and their concerns about privacy and engages in consistent information practices and uses its best efforts to make clear disclosures regarding those practices.
  3. This Privacy Policy sets out the policy of XTEND with respect to the way in which we collect, use, disclose, store, secure and dispose of Personal Information (as that term is defined in the Privacy Act 1988 (Cth) (Act)) about our customers, licensees and employees including through our website at www.xtend.com.au and other online or digital platforms (including via any applications developed or operated by XTEND) (Online Platforms).
  4. XTEND is bound by the Australian Privacy Principles set out in Schedule 1 of the Act. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at oaic.gov.au.
  5. XTEND is dedicated to ensuring that personal and sensitive information is gathered with respect to the individual and aims to exercise the highest standard of care in preserving privacy of information in all areas of operation.

Collection of Personal and Sensitive Information

  1. For the purposes of this Privacy Policy, “Personal Information” is defined under the Act and characterised as being information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from that information or opinion. “Sensitive information” is information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional or trade association, membership of a trade union, details of health, disability, sexual orientation, or criminal record.
  2. The types of Personal Information generally collected by us include your name, address, date of birth, mobile and telephone numbers, e-mail address, credit card or bank account details, occupation and employer, driver’s licence number and emergency contact details. Personal Information is also collected when individuals provide business cards or other documentation to us containing such Personal Information. Personal Information also includes information we collect in the course of providing the Services to individuals and via external communications.
  3. We may also collect behavioural and/or statistical information about individuals or businesses in connection with the Services.
  4. The types of Sensitive Information that may be required to be collected by XTEND may include health, immunisation, vaccination, or other health information which ensures we are able to comply with our legal obligations or risk assessments. This includes, but is not limited to, obtaining vaccination and immunisation records or information in respect of and in response to any pandemic or epidemic (including Covid-19) where government regulations or public health orders apply to the provision of Services. We will obtain specific consent in circumstances where it is necessary to collect Sensitive Information.
  5. Without limiting the way in which we may collect your Personal Information, this will generally occur in association with your use or utilisation of the Services, if you make an enquiry about XTEND or via generally dealing with us directly.

Use of Personal and Sensitive Information

  1. Any Personal or Sensitive Information that we collect about individuals will be used and disclosed by us to provide the Services required or otherwise to enable us to carry out our functions.
  2. We also collect your Personal Information so that we can carry out the following actions:
    • to communicate with you, including about our Services and offers which might interest you;
    • to provide you with information;
    • to process payments by you or to you in connection with our Services;
    • to create accounts, tax invoices or receipts (electronic or otherwise);
    • to provide your Personal Information to third parties in order to them to supply some aspect of the Services;
    • to consider and respond to communications or complaints made by you.
  3. XTEND will disclose Personal Information to third party business partners when they provide services to XTEND that are consistent with the terms of this Privacy Policy. When we outsource or contract out specific support services, our contractors may access individuals’ Personal Information. It is important to note that all our contractors are subject to strict confidentiality obligations. We take great pride in operating only with reputable business partners.
  4. Personal or Sensitive Information that is in our possession is not a subject to rent, sale or any other disclosure to any other company or organisation, except where otherwise lawfully permitted under this Privacy Policy or without prior consent of individuals where that consent is required by law. Individuals consent to our use and disclosure of their Personal Information where it is incidental to a sale of our business (or any part thereof) to a third party or where the Personal Information is or becomes de-identified as otherwise permitted under clause 34 below. 
  5. XTEND will disclose Personal Information if it is under a legal requirement to do so (for example, under a court order, or if required under legislation), or if an authorised request is made from a law enforcement agency.

Information provided by Franchisees

  1. Information of a personal and sensitive nature is provided to XTEND by its potential licensees. The information is used to evaluate the suitability of the applicants becoming XTEND licensees. XTEND may make enquiries and check accuracy of information at the consent of the potential licensees, this will be the only time XTEND may disclose such information to third parties unless required in accordance with the Act.
  2. It is at the discretion of an applicant to provide information requested; however, this may obstruct the process of assessing their suitability. The Personal Information of successful applicant will form part of an ongoing licensee record. Should the application be unsuccessful, the applicant will be given the opportunity to have the collected information returned or permanently destroyed.

Information provided by employees

  1. Any employment application provided to XTEND will be used solely for the purpose of analysing or considering the suitability for an available position. Personal Information will only form part of an employee record if the application is successful. The Personal Information about employees will only be disclosed by XTEND if required by law to authorised government agencies i.e. Australian Taxation Office or as otherwise directed or consented to by employee.
  2. Any unsuccessful applications will remain on file to be revisited should suitable opportunities arise in the future. If required or requested by the applicant, applications (including the Personal Information contained therein) may be returned or permanently destroyed.

Xtend members and other individual’s dealings with Licensees

  1. This Privacy Policy applies to XTEND and its related bodies corporate only. Where XTEND has granted the rights to licensees to use XTEND’s intellectual property in the operation of a licensee’s fitness business, any dealings with the licensee by members (or prospective members) and other persons will be governed by the licensee’s own policies, terms and conditions. XTEND disclaims any liability or obligations in respect of individuals dealings with a licensee of XTEND. 

Online Platform Privacy

  1. The Privacy Policy outlines our approach to online privacy issues regarding Personal Information collected through our Online Platforms. Our Online Platforms include, but are not limited to:
    • our website: https://www.xtend.com.au
    • our digital or online applications (including the XTEND App) as developed from time to time;
    • our social media accounts or profiles, if any, such as (without limitation) Facebook, Instagram, YouTube, and Twitter (but at all times being subject to the terms and conditions of use and privacy policies of the websites hosting those accounts or profiles); and/or
    • any other online or digital platforms or software from which XTEND may provide the Services or you may communicate with XTEND.
  2. XTEND will handle Personal Information collected online with the utmost care and will not knowingly use it in ways not explicitly consented to by you.
  3. XTEND will handle Personal Information collected online consistently with the way that it handles Personal Information collected offline. Other matters specific to our handling of Personal Information online are set out below.

Cookies

  1. No Personal Information is collected by XTEND when individuals visit our Online Platforms, unless they chose to provide it to us (for example, by sending us emails through our Online Platforms). However, we may collect certain data that does not identify individuals (sometimes called “web log information”) when they visit certain pages (such as the type of browser and operating system they have). We may also use “cookies” which are small files that are stored on computer and that manage the security and navigation process of the site. Users can choose to block these cookies, but some portions of the site may not function correctly if they do. This type of data is collected for statistical purposes only, and while cookies will identify a computer, they are unlikely to identify users personally.

Email/SMS Marketing

  1. We will not distribute our marketing material via SMS unless customers have consented to this. This is a requirement of the Spam Act 2003 (Cth). Further, you can unsubscribe from any e-newsletter or other bulletins we may distribute by using the “unsubscribe” facility contained in each electronic publication we send. Occasionally, XTEND may send promotional email messages to prospective customers to market a service or activity. This will only be done on the reasonable belief that customers would be interested in the subject matter. In every case customers will be provided with clear and simple instructions on how to be removed from our mailing list.

Site Security Policy

  1. Our Online Platforms use up-to-date technology to maximise the security of user’s Personal Information. XTEND places an importance on the security of all information associated with our customers. Our security and this Privacy Policy are continually reviewed and updated and the user information is accessed by authorised personnel. We aim to prevent accidental manipulation, destruction, use, disclosure loss or unauthorised access of Personal Information and/or data.

Hyperlinks to other Websites

  1. Our Online Platforms may contain links to other websites which we do not control including but not limited to websites of our licensees; they are not covered by our Privacy Policy. If users access other websites using the links provided, operators may collect information from users and use it in accordance with their own privacy policy, which may differ from ours. We have no control over the types of information third-party site owners choose to collect and how they use it.

Social Networking Acceptable Use Policy

  1. XTEND encourages all comments on any of our social networking pages (Facebook, Instagram YouTube, Twitter etc.), as we would like to hear from our followers, customers, fans, clients, friends, and staff. Customer views, news, ideas, insights, and criticisms about XTEND are very important to us, yet the social networking sites must not be used to abuse others, expose others to offensive or inappropriate content, or for any illegal or unlawful purpose.
  2. It is the user’s responsibility to protect their personal privacy when using our social networking pages. We advise users not to include any Personal Information of either themselves or of others in their published posts or comments (such as email addresses, private addresses, or phone numbers).
  3. In addition, it is recommended to refrain from posting materials to any of our social media pages or profiles that infringe the intellectual property rights of others and not to include internet addresses or links to websites, or any email addresses in such published posts.
  4. Any information posted to the XTEND Social Networking pages (Facebook, Instagram, YouTube, Twitter, and others) is recorded and used for the purpose of administering pages and addressing any comments made, while no attempt will be made to identify users except where authorised by law.
  5. We are not responsible for the privacy practices or content of social networking pages (Facebook, Instagram, YouTube, Twitter, and others). The responsibility of XTEND is limited to our own published posts made on the official XTEND Australia social media accounts.
  6. XTEND licensees may operate their own social networking pages, those pages are separate from XTEND and will be covered by the respective licensees policies, terms and conditions. 

Hyperlinks to other Websites

  1. We may use your Personal Information in de-identified form (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to assist us in running our business. We may also provide, including by way of sale, de-identified information in aggregated form, to third parties. This information may include (but is not limited to):
    • age demographics;
    • purchasing trends;
    • trends and statistics in relation to the Services;
    • statistics about purchasing patterns of the Services;
    • statistics surrounding the Services.

  2. When your Personal Information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.

Security

  1. We use all reasonable endeavours to secure any Personal or Sensitive Information that we hold and aim to keep this information accurate and up-to-date. Technical and organisational security measures are in place to ensure the security of information and to protect it against deliberate or accidental manipulation, destruction, use, disclosure loss or unauthorised access.
  2. Personal and Sensitive Information is stored behind industry standard firewalls and where applicable, protected by usernames and passwords. Where appropriate, Personal and Sensitive Information is kept within a locked storage room.

Changes to Privacy Policy

  1. XTEND reserves the right to change this Privacy Policy without prior notice. Any changes to Privacy Policy will be posted on the XTEND website or via our other online platforms or we may decide to inform you via other means, such as by way of direct email communication. In order to remain updated and informed on protection of Personal and Sensitive Information, we encourage users to review this Privacy Policy regularly. If, at any time, you have questions, comments or concerns about our privacy commitment, or our privacy obligations please contact us.

Access and correction of your Personal Information

Contact details

  1. You can provide a written request or complaint to our Privacy Officer as follows;
  2. This Privacy Policy applies to XTEND, its employees, franchisees, and contractors.
If we decide not to correct or provide you with access to your Personal Information, we will give you our reasons for our decision.

Complaints

  1. If you have a complaint about the way we have dealt with your Personal Information, please contact us at via the details available in the previous section of this Privacy Policy.
  2. We will make all reasonable attempts to respond to your complaints or requests.

GDPR

  1. If you are a resident of the European Union accessing our online platforms in Australia or accessing our online platforms or receiving our Services from within the European Union, then in addition to our obligations under the Act, XTEND is required to comply with the General Data Protection Regulation (EU) 2016.679 (GDPR) with respect to your Personal Information.
  1. Any reference to Personal Information in this Privacy Policy is also a reference to Personal Data (as defined under the GDPR).
  2. XTEND takes the security and privacy of your Personal Information seriously and has prepared this Privacy Policy and taken measures to collect, process and hold all Personal Information in compliance with both the Act and GDPR regardless of the user. Therefore, no additional terms for GDPR users are required.

More Information

  1. If you have any questions about anything in this Privacy Policy, or about our collection or personally identifiable information, or information generally, please contact XTEND as follows:

XTEND

Level 1, 110 Alexander Street

Crows Nest NSW 2065, Australia

support@xtend.com.au

This Privacy Policy was last revised on 29 November 2023.