Privacy Policy

Effective Date: 3 December 2025

Xtreme Productivity (“Company”, “we”, “us”, or “our”) respects your privacy and is committed to handling personal information responsibly and transparently. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you interact with our website (xp360.com) or our services.

It also outlines your rights under applicable privacy laws, including the New Zealand Privacy Act 2020, the Australian Privacy Act 1988 (including 2025 amendments), Canada’s PIPEDA and Quebec Law 25, and GDPR-aligned principles. Where appropriate, we voluntarily extend certain GDPR-style rights to all users.

By using our Website or Services, you agree to this Privacy Policy.

1. Information We Collect

1.1 Information you provide to us

We collect personal information when you:

  • Contact us
  • Download resources
  • Register for events
  • Engage with our marketing or sales activities

This may include:

  • Name, email address, phone number
  • Organisation and role
  • Communication preferences
  • Any other information you choose to provide

We do not collect sensitive information (e.g., health information, union membership) unless required and permitted by law, and only with your express consent.

1.2 Information automatically collected

We collect limited technical information such as:

  • IP address
  • Browser and device details
  • Pages viewed, referring URL
  • General location (city or country)

This information is used only for security, performance, and analytics.

If we collect personal information from another source, we will notify you when required under the Privacy Act 2020 (NZ) and APP 5 (Australia).

2. How We Use Personal Information

We use personal information to:

  • Respond to enquiries
  • Provide resources you request
  • Improve and secure our Website
  • Send updates you subscribe to
  • Carry out internal reporting, audit, and compliance
  • Meet legal or regulatory obligations

We do not use your information for unrelated purposes without your consent.

Commercial electronic messages

For email communications, we comply with:

  • NZ Unsolicited Electronic Messages Act
  • Australian Spam Act (unsubscribe honoured within 5 business days)
  • Canada’s Anti-Spam Legislation (CASL)

All messages include our identity and an unsubscribe mechanism.

3. Legal Grounds for Processing

Where required (e.g., NZ, EU, UK), we rely on:

  • Consent
  • Contract necessity
  • Legitimate interests (e.g., analytics, security)
  • Legal obligations

We minimise collection to what is necessary.

How We Obtain Consent

We obtain consent whenever required by law, including before collecting personal information directly from you, before using it for a new purpose, and before sending commercial electronic messages. Consent may be express (e.g., ticking a box, submitting a form) or implied where permitted by law.

Withdrawing consent

You may withdraw your consent at any time by contacting us. Withdrawing consent will not affect processing already carried out and may limit the services we can provide if the information is necessary for those services.

4. Cookies and Tracking Technologies

We use essential and analytics cookies only.

We do not use advertising, profiling, or cross-site tracking cookies.
You can adjust cookie settings in your browser.

Third-party analytics

Google Analytics collects anonymised usage data under its own privacy policy.

5. How Long We Keep Information

We retain personal information only as long as needed:

  • Enquiry history: up to 2 years
  • Resource download records: up to 3 years
  • Security logs: up to 12 months

Information is securely deleted or anonymised once no longer required.

6. Sharing Personal Information

We do not sell personal information.

We share information only with trusted service providers who support our operations, including:

Microsoft Dynamics 365 CRM

Used for managing enquiries, contacts, and communications. Microsoft acts as a data processor with strong security practices.

Data may be stored in Australia, Singapore, or other Microsoft cloud regions.

We ensure providers apply appropriate privacy and security safeguards.

We may also disclose information if required by law or to prevent serious harm.

7. International Data Transfers

New Zealand (IPP 12)

We ensure overseas recipients provide comparable safeguards, typically through contractual clauses approved by the NZ Privacy Commissioner.

Australia (APP 8)

We take reasonable steps to ensure overseas recipients comply with the Australian Privacy Principles and remain accountable for their handling of personal information.

Canada (PIPEDA & Quebec Law 25)

If information is transferred outside Canada, we remain responsible and ensure appropriate contractual protections.

GDPR-aligned safeguards

Where data is transferred to countries without an adequacy decision, we use Standard Contractual Clauses or equivalent safeguards.

8. Data Breach Notification

We notify:

  • NZ Office of the Privacy Commissioner and affected individuals where serious harm is likely
  • OAIC (Australia) and affected individuals under the Notifiable Data Breaches scheme
  • Office of the Privacy Commissioner of Canada where there is a real risk of significant harm
  • Affected individuals as soon as practicable, generally within 72 hours

9. How We Protect Information

We take reasonable technical and organisational steps, including:

  • Encryption
  • MFA
  • Access controls
  • Staff training
  • Vendor compliance checks
  • Secure software development and monitoring

10. Your Rights

Depending on your location, you may have the right to:

  • Access your personal information
  • Request correction
  • Request deletion/erasure (NZ, AUS 2025, GDPR, Quebec Law 25)
  • Withdraw consent
  • Restrict or object to processing (where applicable)
  • Data portability (GDPR, Quebec Law 25)
  • Interact anonymously or via pseudonym (Australia APP 2, where feasible)

We do not use automated decision-making or profiling.

We respond within the timeframes required by law.

How to exercise your rights

Email: hello@xp360.com

Right to complain

If you are not satisfied with our response, you may complain to:

  • NZ Office of the Privacy Commissioner
  • Office of the Australian Information Commissioner (OAIC)
  • Office of the Privacy Commissioner of Canada

We will provide guidance on the correct authority based on your location.

11. Children

Our services are not directed at children under 18, and we do not knowingly collect children’s data.

12. Governance and Ethical Practices

We maintain privacy governance frameworks and internal policies aligned with international best practice.

We comply with the strengthened privacy obligations and penalties introduced in Australia in 2025.

13. Updates to This Privacy Policy

We may update this Policy periodically. The revised version will include an updated Effective Date.
To prepare for upcoming changes to New Zealand’s Privacy Act, including the introduction of IPP 3A (effective 1 May 2026), we may make additional updates to this Policy to reflect new requirements.

14. Contact Us

Xtreme Productivity International Limited
52 Randolph Street
Eden Terrace, Auckland 1010
New Zealand

Privacy Officer (Accountability Officer)
Part of our HR & Compliance team
Email: hr@xp360.com