At xantherali, we believe transparency starts with being honest about data. This policy
explains what we collect, why we need it, and what rights you have under Australian privacy
law.
We've tried to keep this readable. If something's unclear or you want to talk specifics,
reach out to us directly.
What Information We Collect
We collect different types of information depending on
how you interact with our services. Some you give us directly. Some we gather
automatically.
Information You Provide
- Personal details when you register for courses or programs – name, email, phone
number
- Payment information when enrolling in paid learning programs
- Professional background details to tailor course recommendations
- Communication preferences and feedback you share with us
- Documents you upload as part of coursework or assessments
Information Collected Automatically
When you use our website, we collect technical
information that helps us improve your experience and keep things running smoothly.
- Device type, browser version, and operating system
- IP address and general location data
- Pages you visit and how long you spend on them
- Referral sources and search terms that brought you here
- Interaction patterns with course materials and learning resources
How We Use Your Information
We don't collect data for the sake of it. Everything we
gather has a specific purpose related to providing better financial risk management
education.
Course Delivery
Providing access to learning materials, tracking
your progress, and issuing completion certificates.
Communication
Sending course updates, schedule changes, and
relevant educational content you've requested.
Improvement
Analyzing how learners use our platform to make
courses more effective and accessible.
Legal Compliance
Meeting our obligations under Australian law and
maintaining accurate records.
Marketing communications: We'll only send you promotional emails if
you've opted in. You can unsubscribe anytime using the link in every email.
Legal Basis for Processing
Under the Privacy Act 1988 and Australian Privacy
Principles, we process your data based on these legal grounds:
- Contractual necessity: When you enroll in a course, we need certain
information to fulfill that service agreement.
- Legitimate interests: We have valid reasons to process some data,
like improving course quality and preventing misuse of our platform.
- Legal obligations: Australian law requires us to maintain certain
records for specified periods.
- Consent: For optional activities like marketing communications, we
ask for your explicit permission.
Data Sharing and Third Parties
We don't sell your information. Period. But we do work
with specific partners who help us run the business.
Service Providers We Work With
| Service Type |
Purpose |
Data Shared |
| Learning Platform |
Course delivery and progress tracking |
Name, email, course activity |
| Payment Processing |
Handling enrollment payments securely |
Billing details, transaction records |
| Email Services |
Sending course updates and communications |
Email address, communication preferences |
| Analytics Tools |
Understanding website usage patterns |
Anonymized usage data, device information |
| Cloud Storage |
Storing course materials and records |
Account information, uploaded documents |
All our partners are bound by confidentiality agreements
and process data only according to our instructions. We vet them carefully before sharing
any information.
When We Must Disclose Information
Sometimes Australian law requires us to share data with
authorities:
- When we receive a valid legal request from law enforcement
- To comply with court orders or regulatory investigations
- If necessary to prevent fraud or protect someone's safety
- During business transitions like mergers or acquisitions (with prior notice to
you)
Your Rights Under Australian Privacy Law
The Australian Privacy Principles give you specific
rights about your personal information. Here's what you can do and how to do it.
Access Your Information
You can request a copy of all personal data we hold about
you. We'll provide it within 30 days in a commonly used format. There's no charge unless
the request is particularly complex or repetitive.
Correct Inaccurate Data
If something's wrong in your records, let us know. We'll
fix it promptly. You can update most details directly through your account settings, or
email us for help.
Request Deletion
You can ask us to delete your personal information. We'll
comply unless we're required to keep it for legal reasons – like tax records or course
completion certificates. We'll explain if we can't delete something and why.
Restrict Processing
In some situations, you can ask us to limit how we use
your data. For example, if you're disputing its accuracy or questioning whether we still
need it.
Object to Processing
You can object to us processing your data for specific
purposes, particularly marketing. We'll stop unless we have compelling legitimate grounds
that override your interests.
How to exercise these rights: Email us at info@xantherali.com with your
request. We'll verify your identity and respond within 30 days. If we need more time,
we'll let you know why.
Data Security Measures
We take security seriously. Here's what we do to protect
your information from unauthorized access, loss, or misuse.
- All data transmission uses industry-standard SSL/TLS encryption
- Password-protected access with multi-factor authentication for staff
- Regular security audits and vulnerability assessments
- Restricted access based on role – team members only see what they need
- Encrypted backups stored in secure Australian data centers
- Incident response procedures if a breach occurs
- Regular staff training on data protection and privacy practices
That said, no system is completely bulletproof. If we
detect a breach that poses serious risks to your privacy, we'll notify you and the Office
of the Australian Information Commissioner as required by law.
Data Retention Periods
We don't keep your information forever. Different types
of data have different retention schedules based on legal requirements and practical
needs.
Course and Enrollment Records
We keep course completion records and certificates for
seven years after you finish a program. This helps if you need proof of completion down the
track.
Financial Records
Australian tax law requires us to maintain financial
records for seven years. Payment information and invoices fall into this category.
Marketing Communications
If you unsubscribe from marketing emails, we keep your
email address on a suppression list indefinitely so we don't accidentally contact you
again.
Website Analytics
Anonymized usage data is typically retained for two
years, then archived or deleted.
When we no longer need your information, we delete it
securely or anonymize it so it can't be linked back to you.
Cookies and Tracking Technologies
Like most websites, we use cookies – small text files
stored on your device that help us remember your preferences and understand how you use our
site.
Types of Cookies We Use
- Essential cookies: These keep the site working. They remember your
login status and course progress. You can't disable these without breaking basic
functionality.
- Analytics cookies: These tell us which pages are popular and where
people get stuck. We use this to improve navigation and content.
- Preference cookies: These remember your choices, like language
settings or display preferences.
You can control cookies through your browser settings.
Blocking all cookies might affect your experience on our site. Most browsers let you block
third-party cookies while keeping first-party ones.
International Data Transfers
We primarily store data in Australian data centers.
However, some of our service providers operate globally, which means your information might
be processed outside Australia.
When this happens, we ensure:
- The receiving country has substantially similar privacy protections to Australia
- Our contracts include data protection clauses that meet APP requirements
- Appropriate safeguards are in place to protect your information
- You're informed about any significant international transfers
Most commonly, data might be processed in the United
States or European Union through our cloud service providers. These regions have frameworks
we consider adequate for protecting your privacy.
Children's Privacy
Our courses are designed for adults in professional
contexts. We don't knowingly collect information from anyone under 18 without parental
consent.
If you're under 18 and interested in our programs, please
have a parent or guardian contact us first. If we discover we've collected information from
a minor without proper consent, we'll delete it promptly.
Changes to This Policy
We review and update this privacy policy periodically to
reflect changes in our practices or legal requirements. When we make significant changes,
we'll notify you by email or through a prominent notice on our website.
The "last updated" date at the top shows when we most
recently revised this policy. We encourage you to check back occasionally, especially
before sharing new information with us.
Continued use of our services after changes take effect
means you accept the updated policy. If you disagree with changes, you can close your
account and stop using our services.
Complaints and Disputes
If you're concerned about how we've handled your personal
information, we want to hear about it. Most issues can be resolved quickly through direct
communication.
Internal Complaint Process
- Email your concern to info@xantherali.com with "Privacy Complaint" in the subject
line
- We'll acknowledge your complaint within 2 business days
- We'll investigate and respond with our findings within 30 days
- If you're not satisfied with our response, we'll explain next steps
External Review
If we can't resolve your concern, you have the right to
complain to the Office of the Australian Information Commissioner (OAIC).
OAIC Contact Details:
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au
