Privacy Policy

3.1 In this section, we set out first the personal information we collect relating to all Users which we are the data controller in respect of (i.e. which Xref determines how to use within the scope of this Privacy Policy without reference back to the Employer). We then set out the information we collect as a data processor on behalf of the Employer who is the data controller of that information (i.e. which we only hold and process as instructed by the Employer). In relation to both categories we set out:

The personal information we collect;
How we collect the personal information; and
The purposes for which we use and disclose personal information.

Please note that this does not describe the Employer’s use of personal information which the Employer is responsible for providing its own privacy notice or policy in respect of.

3.2 Under European Data Protection Law, we are required to identify the “legal grounds” on which we rely to process the information, and these are set out next to each purpose for which we are a data controller. More information on legal grounds can be found at Appendix A

3.3 Information we collect from All Users

(a) Personal information we collect

Contact Information: including your name, email address, phone number and other contact details
Our correspondence: if you contact us, we will typically keep a record of that correspondence

Website and communication usage: details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

(b) How we collect personal information

We collect personal information from you directly.

(c) Purpose of use and disclosure

We process your personal information as a data controller for the following purposes:

To provide our services to carry out our obligations arising from any agreements between you or the Employer and us, to respond to your queries and otherwise communicate with you.

Legal bases: contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you)

To improve our services to make our services more valuable or useful (e.g. when you have provided us with feedback), including to make our websites function correctly and undertake analytics (please see section 4 below).

Legal bases: consent, legitimate interest (to enable us to provide better services and to provide anonymised aggregated insight to our clients)

To inform you of changes to notify you about changes to our services.

Legal bases: legitimate interests (to notify you about changes to our services)

To reorganise or make changes to our business in the event that we (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a reorganisation, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your personal information to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.

Legal bases: legitimate interests (in order to allow us to change our business)

To comply with legal or regulatory obligations we may process your personal information to comply with our legal and regulatory requirements, which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.

Legal bases: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities)

To third parties under our control to assist us with service delivery we may disclose your personal information to our service providers, contractors, agents, advisors (e.g. legal, financial, business or other advisors) and other Xref group companies that perform activities on our behalf always subject to suitable safeguards. Specifically, we may disclose contact information of Candidates to third parties under our control where an Employer has requested identity verification services.

Legal bases: legitimate interests (in order to use specialist service providers and operate our business efficiently)

3.4 Employers Representatives

(a) Personal information we collect

In addition to the information set out in the All Users section above, where you are a manager, we may also collect:

your rehire recommendations about Employees, as well as verifying their employment dates, skills and competencies.
Payment and Billing Information: This may include any billing information such as your direct debit and credit card, and/or EFT details for billing purposes.

(b) How we collect personal information

We collect personal information from you directly:

when you provide verification information to us in response to a request from an Employee:

We also collect personal information about you from your Employer who has asked you to provide verification of your employment details.

(c) Purpose of use and disclosure

We also process your personal information as a data controller for the following purposes:

For marketing purposes to send you offers and marketing materials about Xref and Xref’s suppliers and partners' products and services by email or SMS, and where required by law, we will ask for your consent before we conduct any of these types of marketing. If you wish to opt out from receipt of marketing materials sent by Xref at any time, please use the opt out mechanism in the marketing material or contact the Privacy Officer to let us know.

Legal bases: consent, legitimate interest (to keep you updated with news in relation to our services)

For payments and billing purposes to bill you, as a representative of your office, or your office for the use of our platform. We may collect your billing information before your use of our platform. You can choose or change your preferred method of payment by contacting your Xref account manager or emailing support@xref.com.

Legal bases: consent, performance of contract with Users.

3.5 Candidates

(a) Personal information we collect

In addition to the information set out in the All Users section above we may collect the following additional information as a processor for the Employer.

Reference Information: including your work experience, job titles, qualifications, period of employment, aptitude test results, opinions about your work performance provided by Employers and/or Referees
Sensitive Information: including information to assess your work authorisation or visa requirements (if any), criminal record (or proceedings), health or disability information

(b) How we collect personal information (including personal information of your chosen Referees)

We collect personal information from you directly when you provide information to us relating to your references, but also collect personal information about you from your potential Employer and your Referees.

As a Candidate, we will assume that you have clear consent from your chosen Referees to supply their names and contact details (including email address) to us so that we can contact them on your behalf to obtain a reference about you which will be supplied to the Employer interested in potentially hiring you. If you do not have that consent, please do not provide their details to us.

(c) Purpose of use and disclosure

Except as set out in the All Users section above, we process your personal information on behalf of your potential Employer. In providing our services to the potential Employer, we will use your information to communicate with you, organize your application information, coordinate your references, authenticate your identity and respond to your questions, queries or requests regarding our services. We will need to disclose your information to the Employer who will be a client of Xref and will have requested us to seek references in relation to your potential employment by them. The Employer’s processing of such personal information will be subject to the privacy notice or policy of the Employer.

3.6 Referees

(a) Personal information we collect

In addition to the information set out in the All Users section we may collect the following additional information as a processor for the Employer.

Employment Information: including your position, the name of the organisation you are or were working with and the dates covering the period of time in which you are providing a reference for the Candidate. In addition, we may collect your current job title, your current organisation and your current job location, but only if you consent for us to do so.
Any opinions you give on the Candidate

(b) How we collect personal information

We collect personal information from you directly:

when you provide information to us in response to a request for reference, and/or:
when you consent to be contacted by a prospective employer about potential job opportunities or your recruitment needs as a hiring manager.

But we also collect personal information about you from Candidates who have asked you to provide a reference for them.

(c) Purpose of use and disclosure

Except as set out in the All Users section above, we process your personal information on behalf of the (potential) Employer of the Candidate who has asked you to provide a reference for him/her. In providing our services to the Employer, we will use your information to communicate with you, coordinate the opinion you provide about the Candidate, authenticate your identity and respond to your questions, queries or requests regarding our services, and where you have consented to being contacted by a potential employer we will use your information in our analytics platform, People Search. We will need to disclose your information to the potential Employer who will be a client of Xref and will have requested us to seek references from you in relation to the Candidate. The Employer’s processing of such personal information will be subject to the privacy notice or policy of the Employer.

For marketing purposes, we may use your name, email address and contact details to send you more information and marketing materials about Xref and Xref’s suppliers and partners’ products and services by email, phone or SMS, and where required by law we will ask for your consent before we conduct any of these types of marketing. If you wish to opt out from receipt of marketing materials sent by Xref at any time, please use the opt out mechanism in the marketing material or contact the Privacy Officer to let us know.

3.7 Employees

(a) Personal information we collect

In addition to the information set out in the All Users section above, we may collect the following additional information as a processor for the Employer.

Sensitive Information: including information to assess your work authorisation or visa requirements (if any), criminal record (or proceedings), health or disability information
Exit Check Information regarding departing employees: including, your feedback on your organisation, reason for leaving, your manager’s details, job titles, period of employment, your skills and competencies, and any roles you may be interested in in the future.
Xref Pulse Surveys: including, your feedback on your organisation, department within your organisation, and any personal information provided as a survey answer
Xref Engage Employee Surveys: including, your feedback on your organisation, department in the organisation, and any personal information provided as a survey answer. At times, we may collect personal information from a third party or from a publicly available source, but only if you have consented to your information being used in this way or would reasonably expect us to collect it in this way.
Trust Marketplace Background Checks: including, background check information provided through Trust Marketplace partners

(b) How we collect personal information

We collect personal information from you directly when you provide information to us relating to your Exit check, Pulse Survey, and Engage Survey, but also collect personal information about you from your Employer.

We will assume that you have clear consent from your chosen manager to supply their names and contact details (including email address) to us so that we can contact them on your behalf to verify your skills and competencies which will be supplied to the Employer. If you do not have that consent, please do not provide their details to us.

(c) Purpose of use and disclosure

Except as set out in the All Users section above, we process your personal information on behalf of your Employer. In providing our services to your Employer, we will use your information to communicate with you, coordinate your exit check, authenticate your identity and respond to your questions, queries or requests regarding our service. We will need to disclose your information to the Employer who will be a client of Xref and will have requested us to seek an exit check from you. The Employer’s processing of such personal information will be subject to the privacy notice or policy of the Employer.

8.1 You have the right to access personal information Xref holds on you and to have incorrect information corrected. If you would like to obtain a copy of the personal information that Xref holds on you or to request a correction to personal information held by Xref, please contact our designated Privacy Officer who is accountable for Xref’s compliance with this Privacy Policy. The Privacy Officer can be contacted as follows:

Address: Xref Limited, L20, 135 King Street, Sydney NSW 2000, Australia

Email: privacy@xref.com

Phone: +61 2 8244 3099

8.2 Xref holds the information set out at sections 3.4 and 3.5 as a data processor of the Employer. This means that if you wish to exercise your data subject rights you must address the request to the Employer and Xref will assist the Employer to respond as directed by your Employer. In relation to the information set out at section 3.3, Xref is the controller and in relation to that information, you may have the right to require us to:

(a) provide you with further details on the use we make of your information;

(b) provide you with a copy of information that you have provided to us;

(c) update any inaccuracies in the personal information we hold;

(d) delete any personal information that we no longer have a lawful ground to use;

(e) where processing is based on consent, to withdraw your consent so that we stop that processing;

(f) to ask us to transmit the personal data you have provided to us, and we still hold about you to a third party electronically;

(g) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and

(h) restrict how we use your information whilst a complaint is being investigated.

8.3 Your exercise of these data subject rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.

8.4 If you are not satisfied with our use of your personal information or our response to any exercise of these rights, you have the right to complain to your local data protection regulator. If you are in the European Economic Area (EEA) a list of data protection regulators and their contact details can be found here.

8.6 If you have a dispute about personal information held by Xref and covered by the policy, we will investigate and provide you with a formal written response, generally within 30 days. We will investigate and deal with your complaint in a fair, efficient, and timely manner. You can contact us at:

Address: Xref Limited, L20, 135 King Street, Sydney NSW 2000, Australia

Email: privacy@xref.com

Phone: +61 2 8244 3099

If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC may be contacted at:

Online: www.oaic.gov.au

Email: enquiries@oaic.gov.au

Mail: Office of the Australian Information Commissioner, GPO Box 5218 Sydney, NSW 2001

How Xref achieved a 0% gender gap with more female leaders

Privacy Policy

Our Commitment to Protecting Your Privacy

How Xref achieved a 0% gender gap with more female leaders

Privacy Policy

Our Commitment to Protecting Your Privacy

Book a free demo with one of our specialists