XBert Privacy Statement


Email support@xbert.io

Last updated 10 November 2021

XBERT PTY LTD ABN 26 632 237 293

XBERT PTY LTD ABN 26 632 237 293 (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us when providing our web-based cloud accounting software, Xbert (Services) or when otherwise interacting with you.

This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles. In addition to Australian laws, individuals located in the European Union (EU) may also have rights under the General Data Protection Regulation 2016/679 (GDPR).

The information we collect

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable. Personal information under the GDPR is referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual).

The types of personal information we may collect about you include:
    • your username and password;
    • information you provide to us, including through feedback, customer surveys or otherwise;
    • details of products and services we have provided to you and/or that you have enquired about, and our response to you;
    • support requests submitted to us and our response to you;
    • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
    • information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
    • additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
    • any other personal information requested by us and/or provided by you or a third party.
As a business contact:
  • your name; and
  • your contact details, including your work email address and/or telephone number; and
  • the organisation you work for.
When you visit our website:
  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
  • additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
  • any other personal information requested by us and/or provided by you or a third party.

Sensitive information: is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. Sensitive information under the GDPR is known as ‘special categories of data’.

Throughout this Privacy Policy, where we use the term ‘personal information’ this refers to ‘personal information’ and/or ‘personal data’, as applicable, and where we use the term ‘sensitive information’, this refers to ‘sensitive information’ and/or ‘special categories of data’, as applicable.

Sensitive information: We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorised by law.

The information we collect

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable. Personal information under the GDPR is referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual).

The types of personal information we may collect about you include:
    • your username and password;
    • information you provide to us, including through feedback, customer surveys or otherwise;
    • details of products and services we have provided to you and/or that you have enquired about, and our response to you;
    • support requests submitted to us and our response to you;
    • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
    • information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
    • additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
    • any other personal information requested by us and/or provided by you or a third party.
As a business contact:
  • your name; and
  • your contact details, including your work email address and/or telephone number; and
  • the organisation you work for.
When you visit our website:
  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
  • additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
  • any other personal information requested by us and/or provided by you or a third party.

Sensitive information: is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. Sensitive information under the GDPR is known as ‘special categories of data’.

Throughout this Privacy Policy, where we use the term ‘personal information’ this refers to ‘personal information’ and/or ‘personal data’, as applicable, and where we use the term ‘sensitive information’, this refers to ‘sensitive information’ and/or ‘special categories of data’, as applicable.

Sensitive information: We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorised by law.

How we collect personal information

We collect personal information in a variety of ways, including:
  • Directly: We collect personal information which you directly provide to us, including when you register for an account as a business contact or authorised user, through the ‘contact us’ form on our website or when you request our assistance via email.
  • Indirectly: We may collect personal information which you indirectly provide to us while interacting with us, such as when you use our website, our software as a service, in emails, over the telephone and in your online enquiries.
  • From third parties: We collect personal information from third parties, such as where you are a client of one of our customers and your information is uploaded to the software we provide our customer and details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.

Why we collect, hold, use and disclose personal information

Where we are acting as a controller under the GDPR, we will only process personal information where we can identify a lawful basis to do so.

In providing our Services, we may collect, hold, use and disclose personal information for the following purposes:

Legitimate interests: We may collect necessary information if you browse or use our website.

Performance of a contract: We use and disclose personal information to process your registration and provide you with access to our software as a service.

Performance of a contract: We may use your information to send you information about our services.

Legitimate interests: We may use your information to carry out tasks required to operate our business, such as record keeping. You may object to our use of your personal information on the basis of legitimate interests at any time (see the “Your Privacy Rights” below).

Performance of a contract: We may use your information to bill you and accept payment so that we can provide the requested services to you.

Legal obligation: We may use your information to keep records where we have a legal obligation to do so, such as company records and tax records.

Legitimate interests: We may use your information to improve our services and for business development purposes. You may object to our use of your personal information on the basis of legitimate interests at any time (see the “Your Privacy Rights” below).

We and/or our third-party marketing partners may use the personal information you send to us for marketing purposes, if this is in accordance with your marketing preferences.

Consent: If you subscribe to marketing materials you consent to us sending you the marketing you subscribe to. You may withdraw your consent at any time.

Legitimate interests: If you have applied for employment with us, we may collect your information to consider your employment application.

Legal obligation: We may use your information if required or authorised to do so by law.

If we will process your personal information for another purpose, which is incompatible with the original purpose, we will notify you of that purpose and the legal basis for our processing prior to further processing your personal information.

If we rely on consent and you are under 16 years of age, you warrant and agree that, and we may seek confirmation that, you have your parent or legal guardian’s consent to process your personal information for that specific purpose.

For the avoidance of doubt, we will not on sell your personal information.

Our disclosures of personal information to third parties

Where permitted by applicable laws, we may disclose personal information to:
  • third party service providers for the purpose of enabling them to provide their services, to us, including (without limitation) IT service providers, data storage, web-hosting and server providers, email marketing providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
  • our employees, contractors and/or related entities;
  • our existing or potential agents or business partners;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), Facebook Pixel or other relevant analytics businesses; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Upon written request, we may agree to provide you with a list of the third parties we use to process your personal information.

Overseas disclosures

While we store personal information in Australia, where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of Australia.

If the GDPR applies, and we disclose your personal information to third parties in countries that do not have the same data protection laws as the country in which you initially provided the information (i) we will perform those transfers using appropriate safeguards in accordance with the requirements of the GDPR; and (ii) we will protect the transferred personal information in accordance with this Privacy Policy.

Your rights and controlling your personal information

You may be entitled to certain privacy rights, as detailed below. If you would like to request any of your rights listed below, please get in touch with us using the details at the bottom of this Privacy Policy and we will consider and act upon your request in accordance with the data protection laws applicable to your request. We aim to respond to all requests within 30 days of the date of receipt of the request.

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Anonymity: Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us.

Marketing, restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you.  An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction/Rectification: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Objecting to processing: Under the GDPR, you may have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, in order to proceed with the processing of your personal information.

Restricting processing: Under the GDPR, you may have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

Erasure and data portability: Under the GDPR, you may have the right to request details of the personal information we hold about you, or to request that we erase the personal information we hold about you, or that we transfer this information to a third party.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. You also have the right to contact the relevant privacy authority in the country in which you are based.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means and the applicable legal requirements.

In some circumstances you can ask us to delete your data: see ‘erasure and data portability’ above for further information.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for analytics, research or statistical purposes in which case we may use this anonymised information indefinitely without further notice to you.

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. If we make any material changes to this Privacy Policy, we will notify you by contacting you through the contact details you have provided to us. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.