www.xref.com
Open in
urlscan Pro
63.35.51.142
Public Scan
URL:
https://www.xref.com/privacy-policy
Submission: On October 04 via api from US — Scanned from IT
Submission: On October 04 via api from US — Scanned from IT
Form analysis 0 forms found in the DOM
Text Content
Why Xref
Solutions
Reference
Send checks to prospective candidate and get feedback from verified referees.
Engage
New
Retain and engage your talent for positive change
Exit
Gather feedback from exiting employees and target ex-employees to return.
By industry
Not-For-Profit
Health and Aged Care
Government
Construction
Retail
Hospitality
Aged Care QI Surveys
By team
Talent acquisition
Recruitment Process Outsourcing (RPO)
Staffing and Recruitment Firms
People and Culture
Platform
Features
Survey builder
Automated requests
People records
Reporting and insights
Additional checks
Integrations
Security and Compliance
Template builder
SEE OUR PRODUCT OVERVIEW
Watch our video for a glimpse into the hire-to-retire experience with Xref.
Watch the video
Resources
Company
Why users love us
About us
Careers
Resources
Resource hub
Case studies
Expert videos
User guides
Blog
Blog
XREF WINS ‘MOST IMPLEMENTABLE’ SOFTWARE IN G2 FALL AWARDS
Read more
Pricing
Blog
Sign in
Request a demo
PRIVACY POLICY
Last updated: February 6, 2024
OUR COMMITMENT TO PROTECTING YOUR PRIVACY
At Xref, we want to ensure you are well-informed about how your information is
collected, used, and protected, and how you can manage it when interacting with
us. Our Privacy Policy provides a comprehensive explanation of these practices.
By registering and creating an account, using our products and services,
visiting our platforms, or engaging with us via phone, email, in person, or
through any other means, you agree to the terms outlined in this Privacy Policy.
Overview
1.1 Xref Limited, together with other members of its group ("Xref", “we”, us”,
“our”) takes its responsibilities under data protection legislation seriously.
1.2 This Privacy Policy aims to provide users of our services (“Users”, “you”,
“your”) with a clear summary of how we use information that is provided to us
and how Xref complies with applicable data protection laws, covering the
following areas:
Categories of users
(a) Employers Representatives (i.e. representatives of organisations who engage
Xref to assist them with the hiring of Candidates, as well as managers of
organisations who are requested to verify their exit check information, referred
to in both cases as Employers);
(b) Candidates (i.e. those that we help coordinate application information and
references for potential new jobs with Employers); and
(c) Referees (i.e. those whom we contact at the request of a Candidate in
connection with the obtaining of a reference about the Candidate for an
Employer).
(d) Employees (i.e. those whom we contact at the request of an Employer in
order to complete an employee survey).
Purposes of Collection and Disclosure
3.1 In this section, we set out first the personal information we collect
relating to all Users which we are the data controller in respect of (i.e. which
Xref determines how to use within the scope of this Privacy Policy without
reference back to the Employer). We then set out the information we collect as a
data processor on behalf of the Employer who is the data controller of that
information (i.e. which we only hold and process as instructed by the Employer).
In relation to both categories we set out:
* The personal information we collect;
* How we collect the personal information; and
* The purposes for which we use and disclose personal information.
Please note that this does not describe the Employer’s use of personal
information which the Employer is responsible for providing its own privacy
notice or policy in respect of.
3.2 Under European Data Protection Law, we are required to identify the “legal
grounds” on which we rely to process the information, and these are set out next
to each purpose for which we are a data controller. More information on legal
grounds can be found at Appendix A
3.3 Information we collect from All Users
(a) Personal information we collect
* Contact Information: including your name, email address, phone number and
other contact details
* Our correspondence: if you contact us, we will typically keep a record of
that correspondence
Website and communication usage: details of your visits to the websites and
information collected through cookies and other tracking technologies including,
but not limited to, your IP address and domain name, your browser version and
operating system, traffic data, location data, web logs and other communication
data, and the resources that you access.
(b) How we collect personal information
We collect personal information from you directly.
(c) Purpose of use and disclosure
We process your personal information as a data controller for the following
purposes:
* To provide our services to carry out our obligations arising from any
agreements between you or the Employer and us, to respond to your queries and
otherwise communicate with you.
Legal bases: contract performance, legitimate interests (to enable us to perform
our obligations and provide our services to you)
* To improve our services to make our services more valuable or useful (e.g.
when you have provided us with feedback), including to make our websites
function correctly and undertake analytics (please see section 4 below).
Legal bases: consent, legitimate interest (to enable us to provide better
services and to provide anonymised aggregated insight to our clients)
* To inform you of changes to notify you about changes to our services.
Legal bases: legitimate interests (to notify you about changes to our services)
* To reorganise or make changes to our business in the event that we (i) are
subject to negotiations for the sale of our business or part thereof to a
third party; (ii) are sold to a third party; or (iii) undergo a
reorganisation, we may need to transfer some or all of your personal
information to the relevant third party (or its advisors) as part of any due
diligence process for the purpose of analysing any proposed sale or
re-organisation. We may also need to transfer your personal information to
that re-organised entity or third party after the sale or reorganisation for
them to use for the same purposes as set out in this policy.
Legal bases: legitimate interests (in order to allow us to change our business)
* To comply with legal or regulatory obligations we may process your personal
information to comply with our legal and regulatory requirements, which may
include disclosing your personal information to third parties, the court
service and/or regulators or law enforcement agencies in connection with
enquiries, proceedings or investigations by such parties anywhere in the
world or where compelled to do so. Where permitted, we will direct any such
request to you or notify you before responding unless to do so would
prejudice the prevention or detection of a crime.
Legal bases: legal obligations, legal claims, legitimate interests (to cooperate
with law enforcement and regulatory authorities)
* To third parties under our control to assist us with service delivery we may
disclose your personal information to our service providers, contractors,
agents, advisors (e.g. legal, financial, business or other advisors) and
other Xref group companies that perform activities on our behalf always
subject to suitable safeguards. Specifically, we may disclose contact
information of Candidates to third parties under our control where an
Employer has requested identity verification services.
Legal bases: legitimate interests (in order to use specialist service providers
and operate our business efficiently)
3.4 Employers Representatives
(a) Personal information we collect
In addition to the information set out in the All Users section above, where you
are a manager, we may also collect:
* your rehire recommendations about Employees, as well as verifying their
employment dates, skills and competencies.
* Payment and Billing Information: This may include any billing information
such as your direct debit and credit card, and/or EFT details for billing
purposes.
(b) How we collect personal information
We collect personal information from you directly:
* when you provide verification information to us in response to a request from
an Employee:
We also collect personal information about you from your Employer who has asked
you to provide verification of your employment details.
(c) Purpose of use and disclosure
We also process your personal information as a data controller for the following
purposes:
For marketing purposes to send you offers and marketing materials about Xref and
Xref’s suppliers and partners' products and services by email or SMS, and where
required by law, we will ask for your consent before we conduct any of these
types of marketing. If you wish to opt out from receipt of marketing materials
sent by Xref at any time, please use the opt out mechanism in the marketing
material or contact the Privacy Officer to let us know.
Legal bases: consent, legitimate interest (to keep you updated with news in
relation to our services)
For payments and billing purposes to bill you, as a representative of your
office, or your office for the use of our platform. We may collect your billing
information before your use of our platform. You can choose or change your
preferred method of payment by contacting your Xref account manager or emailing
support@xref.com.
Legal bases: consent, performance of contract with Users.
3.5 Candidates
(a) Personal information we collect
In addition to the information set out in the All Users section above we may
collect the following additional information as a processor for the Employer.
* Reference Information: including your work experience, job titles,
qualifications, period of employment, aptitude test results, opinions about
your work performance provided by Employers and/or Referees
* Sensitive Information: including information to assess your work
authorisation or visa requirements (if any), criminal record (or
proceedings), health or disability information
(b) How we collect personal information (including personal information of your
chosen Referees)
We collect personal information from you directly when you provide information
to us relating to your references, but also collect personal information about
you from your potential Employer and your Referees.
As a Candidate, we will assume that you have clear consent from your chosen
Referees to supply their names and contact details (including email address) to
us so that we can contact them on your behalf to obtain a reference about you
which will be supplied to the Employer interested in potentially hiring you. If
you do not have that consent, please do not provide their details to us.
(c) Purpose of use and disclosure
Except as set out in the All Users section above, we process your personal
information on behalf of your potential Employer. In providing our services to
the potential Employer, we will use your information to communicate with you,
organize your application information, coordinate your references, authenticate
your identity and respond to your questions, queries or requests regarding our
services. We will need to disclose your information to the Employer who will be
a client of Xref and will have requested us to seek references in relation to
your potential employment by them. The Employer’s processing of such personal
information will be subject to the privacy notice or policy of the Employer.
3.6 Referees
(a) Personal information we collect
In addition to the information set out in the All Users section we may collect
the following additional information as a processor for the Employer.
* Employment Information: including your position, the name of the organisation
you are or were working with and the dates covering the period of time in
which you are providing a reference for the Candidate. In addition, we may
collect your current job title, your current organisation and your current
job location, but only if you consent for us to do so.
* Any opinions you give on the Candidate
(b) How we collect personal information
We collect personal information from you directly:
* when you provide information to us in response to a request for reference,
and/or:
* when you consent to be contacted by a prospective employer about potential
job opportunities or your recruitment needs as a hiring manager.
But we also collect personal information about you from Candidates who have
asked you to provide a reference for them.
(c) Purpose of use and disclosure
Except as set out in the All Users section above, we process your personal
information on behalf of the (potential) Employer of the Candidate who has asked
you to provide a reference for him/her. In providing our services to the
Employer, we will use your information to communicate with you, coordinate the
opinion you provide about the Candidate, authenticate your identity and respond
to your questions, queries or requests regarding our services, and where you
have consented to being contacted by a potential employer we will use your
information in our analytics platform, People Search. We will need to disclose
your information to the potential Employer who will be a client of Xref and will
have requested us to seek references from you in relation to the Candidate. The
Employer’s processing of such personal information will be subject to the
privacy notice or policy of the Employer.
For marketing purposes, we may use your name, email address and contact details
to send you more information and marketing materials about Xref and Xref’s
suppliers and partners’ products and services by email, phone or SMS, and where
required by law we will ask for your consent before we conduct any of these
types of marketing. If you wish to opt out from receipt of marketing materials
sent by Xref at any time, please use the opt out mechanism in the marketing
material or contact the Privacy Officer to let us know.
3.7 Employees
(a) Personal information we collect
In addition to the information set out in the All Users section above, we may
collect the following additional information as a processor for the Employer.
* Sensitive Information: including information to assess your work
authorisation or visa requirements (if any), criminal record (or
proceedings), health or disability information
* Exit Check Information regarding departing employees: including, your
feedback on your organisation, reason for leaving, your manager’s details,
job titles, period of employment, your skills and competencies, and any roles
you may be interested in in the future.
* Xref Pulse Surveys: including, your feedback on your organisation, department
within your organisation, and any personal information provided as a survey
answer
* Xref Engage Employee Surveys: including, your feedback on your organisation,
department in the organisation, and any personal information provided as a
survey answer. At times, we may collect personal information from a third
party or from a publicly available source, but only if you have consented to
your information being used in this way or would reasonably expect us to
collect it in this way.
* Trust Marketplace Background Checks: including, background check information
provided through Trust Marketplace partners
(b) How we collect personal information
We collect personal information from you directly when you provide information
to us relating to your Exit check, Pulse Survey, and Engage Survey, but also
collect personal information about you from your Employer.
We will assume that you have clear consent from your chosen manager to supply
their names and contact details (including email address) to us so that we can
contact them on your behalf to verify your skills and competencies which will be
supplied to the Employer. If you do not have that consent, please do not provide
their details to us.
(c) Purpose of use and disclosure
Except as set out in the All Users section above, we process your personal
information on behalf of your Employer. In providing our services to your
Employer, we will use your information to communicate with you, coordinate your
exit check, authenticate your identity and respond to your questions, queries or
requests regarding our service. We will need to disclose your information to the
Employer who will be a client of Xref and will have requested us to seek an exit
check from you. The Employer’s processing of such personal information will be
subject to the privacy notice or policy of the Employer.
Marketing and Analytics
4.1 We may collect data about your activities that does not personally or
directly identify you when you visit our website. This information may include
the content you view, the date and time that you view this content, the products
you purchase, or your location information associated with your IP address. We
use the information we collect to serve you more relevant advertisements
(referred to as “Retargeting”). We collect information about where you saw the
advertisements, we serve you and what advertisements you clicked on. You may
opt-out of the automated collection of information by amending your web browser
controls. Most advertising networks also offer you the option to opt out of
targeted advertising. For more information, visit
http://www.aboutads.info/choices/ or http://www.youronlinechoices.com.
4.2 We may use Users’ information for data analytics purposes, including to
create insights, reports, and other analytics to provide benchmarks to our
clients, improve our services and to market our services. The output of our
analytics will never identify a particular User or Xref client.
4.3 We use Chargebee and Stripe for some of our payment, analytics, and other
business services.
Stripe collects identifying information about the devices that connect to its
services. Stripe uses this information to operate and improve the services it
provides to us, including for fraud detection. You can learn more about Stripe
and read its privacy policy at https://stripe.com/privacy.
Chargebee uses payment information you provide to us for the management of your
subscription to our services, and for Xref to analyse Employers’ use of our
services. You can learn more about Chargebee and read its privacy policy at
https://www.chargebee.com/privacy/.
Security and Storage
5.1 We hold your personal information in electronic form. To ensure your
personal information is secure we use ISO 27001 certified security standards,
and your data is encrypted in transit and at rest. Service providers may process
the information for us, but only ever for the sole purpose of providing our
services. Where a service provider holds your information, we require them to
adhere to our approved standards of security to ensure the continuing protection
of your personal information. Only authorised employees are granted access to
your personal information and our procedures ensure that your personal
information is only made available to employees where necessary. We audit and
monitor our employee’s access to and handling of personal information.
5.2 We will retain your personal and sensitive information as directed by the
Employer, or where we are a data controller when we no longer require it for any
purpose for which it was collected. Xref will comply with its obligations to
destroy, erase, or de-identify your personal information as required by
applicable law.
5.3 Xref protects the personal information in its custody or control by making
reasonable security arrangements to prevent unauthorised access, collection,
use, disclosure, copying, modification, disposal, or similar risks. You should
be aware that confidentiality and security are not assured when information is
transmitted through e-mail or wireless communication.
5.4 Xref will not be responsible for any loss or damage suffered as a result of
a breach of security or confidentiality when information is transmitted by
e-mail or wireless communication.
Disclosures Overseas
In certain limited circumstances Xref may disclose your personal information to
an entity overseas. Generally speaking, this is in circumstances where we have
engaged a third party to carry out operations on our behalf, for example the use
of data sub-processors. In such cases, personal information, as defined in
Section 3, may be disclosed to data sub-processors overseas, the detail and
locations of which can be found at https://xref.com/en/sub-processors/.
Export outside the EEA
7.1 Your personal information may be accessed by Employers, Candidates, Referees
and/or our service providers (as the case may be), and/or stored at, a
destination outside the country in which you are located, whose data protection
laws may be of a lower standard than those in your country. We will, in all
circumstances, safeguard personal information as set out in this Privacy Policy.
7.2 Where we transfer personal information from inside the European Economic
Area (the EEA) to outside the EEA, we may be required to take specific
additional measures to safeguard the relevant personal information. Certain
countries outside the EEA have been approved by the European Commission as
providing equivalent protections to EEA data protection laws and therefore no
additional safeguards are required to export personal information to these
jurisdictions. In countries which have not had these approvals (see the full
list here), we will establish legal grounds justifying such transfer, such as EU
Commission-approved model contractual clauses, or other legal grounds permitted
by applicable legal requirements.
7.3 Please contact us as set out in the “Contacting Us” section below if you
would like to see a copy of the specific safeguards applied to the export of
your personal information.
Contacting Us and Your rights
8.1 You have the right to access personal information Xref holds on you and to
have incorrect information corrected. If you would like to obtain a copy of the
personal information that Xref holds on you or to request a correction to
personal information held by Xref, please contact our designated Privacy Officer
who is accountable for Xref’s compliance with this Privacy Policy. The Privacy
Officer can be contacted as follows:
Address: Xref Limited, L20, 135 King Street, Sydney NSW 2000, Australia
Email: privacy@xref.com
Phone: +61 2 8244 3099
8.2 Xref holds the information set out at sections 3.4 and 3.5 as a data
processor of the Employer. This means that if you wish to exercise your data
subject rights you must address the request to the Employer and Xref will assist
the Employer to respond as directed by your Employer. In relation to the
information set out at section 3.3, Xref is the controller and in relation to
that information, you may have the right to require us to:
(a) provide you with further details on the use we make of your information;
(b) provide you with a copy of information that you have provided to us;
(c) update any inaccuracies in the personal information we hold;
(d) delete any personal information that we no longer have a lawful ground to
use;
(e) where processing is based on consent, to withdraw your consent so that we
stop that processing;
(f) to ask us to transmit the personal data you have provided to us, and we
still hold about you to a third party electronically;
(g) object to any processing based on the legitimate interests ground unless our
reasons for undertaking that processing outweigh any prejudice to your data
protection rights; and
(h) restrict how we use your information whilst a complaint is being
investigated.
8.3 Your exercise of these data subject rights is subject to certain exemptions
to safeguard the public interest (e.g. the prevention or detection of crime) and
our interests (e.g. the maintenance of legal privilege). If you exercise any of
these rights, we will check your entitlement and respond in most cases within a
month.
8.4 If you are not satisfied with our use of your personal information or our
response to any exercise of these rights, you have the right to complain to your
local data protection regulator. If you are in the European Economic Area (EEA)
a list of data protection regulators and their contact details can be found
here.
8.6 If you have a dispute about personal information held by Xref and covered by
the policy, we will investigate and provide you with a formal written response,
generally within 30 days. We will investigate and deal with your complaint in a
fair, efficient, and timely manner. You can contact us at:
Address: Xref Limited, L20, 135 King Street, Sydney NSW 2000, Australia
Email: privacy@xref.com
Phone: +61 2 8244 3099
If you are not satisfied with our response, you may make a complaint to the
Office of the Australian Information Commissioner (OAIC). The OAIC may be
contacted at:
Online: www.oaic.gov.au
Email: enquiries@oaic.gov.au
Mail: Office of the Australian Information Commissioner, GPO Box 5218 Sydney,
NSW 2001
Cookies Policy
Xref's website uses the following cookies:
sessionid: To store session data of the logged in user. This is how we identify
who is logged when they request an action.
csrftoken: To prevent cross site request forgery. This ensures that only forms
that have originated from our Website can be used to POST data back. If you do
not agree to the use of these cookies, please disable them by following the
instructions for your browser set out here. Please note that some of the
services will not function so well if cookies are disabled.
Children's Privacy
Our services are not directed at people under the age of 16 (“Minors”) and we do
not knowingly collect personal information from Minors. If you believe that we
have been provided with personal information of Minors, please contact us by
using the information in the “Contacting Us and Your Rights” section above, and
we will take steps to delete such information.
API Keys
We use API keys to connect our applications. You can generate an API key to
connect separate applications on our platform.
If you have updated an application on our platform with an API key, all data
will be shared between those applications. The data shared will include data
such as names, emails, phone numbers and references.
Please do not store, share, or embed API keys in public/shared workspaces as
this may compromise the security of your account.
Changes to our Privacy Policy and/or Cookies Policy
12.1 We may change the content of our websites and how we use cookies and
consequently, our Privacy Policy and our Cookie Policy may change from time to
time in the future. If we change this Privacy Policy or our Cookies Policy, we
will update the date it was last changed below. If these changes are material,
we will indicate this clearly on our Website.
12.2 This Privacy Policy was last updated on 6 February 2024: For previous
copies of the Xref Privacy Policy please contact our Privacy Officer using the
details provided above.
Appendix A: Legal grounds
Legal grounds to justify use of personal information
Under European Data Protection Law, we are required to identify the “legal
grounds” on which we rely to process the information. Use of personal
information under European Data Protection Law must be justified under one of
several “legal grounds” and we have set out the grounds in respect of each use
above. The explanations of the legal grounds that justify our use of your
personal information are as follows:
Consent: where you have consented to our use of your information (you will have
been presented with a consent form in relation to any such use [and may withdraw
your consent by contacting us as set out in the “Contacting Us” section).
Contract performance: where your information is necessary to enter into or
perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal
obligations.
Legitimate interests: where we use your information to achieve a legitimate
interest and our reasons for using it outweigh any prejudice to your data
protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or
make a claim against you, us or a third party.
Solutions
Reference
Engage
New
Exits
Pulse
Not-For-ProfitHealth and aged careGovernmentConstructionRetailHospitalityTalent
acquisitionRecruitment Process Outsourcing (RPO)Staffing and recruitment
firmsPeople and culture
Platform
Survey builderAutomated requestsTalent ProfilesInsightsAdditional
checksIntegrationsSecurity and compliancePricingRequest a demo
Resources
About us
Careers
We're Hiring!
Why XrefWhy users love usResource hubBlogCase studiesTemplate Builder
More
SupportContactInvestor hubXref TrustSystem statusGlossarySub Processors
©2024 Xref
Terms of ServicePrivacy Policy
L20, 135 King Street, Sydney NSW 2000
BOOK A FREE DEMO WITH ONE OF OUR SPECIALISTS
Request a demo