Privacy Policy
XYX Holdings is committed to protecting your privacy and personal information in accordance with Australian privacy laws and international data protection standards.
1. Overview
XYX Holdings Pty Ltd (ABN: XXX XXX XXX XXX) ("we," "our," or "us") is committed to protecting the privacy and personal information of our clients, partners, website visitors, and other stakeholders. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with:
- The Australian Privacy Act 1988 and Australian Privacy Principles (APPs)
- The EU General Data Protection Regulation (GDPR) where applicable
- Other applicable international data protection laws
This policy applies to all personal information collected through our website, services, and business operations, including cross-border trade activities between Australia and China.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
Contact Information
- Full name and business title
- Email addresses and phone numbers
- Business and postal addresses
- Company information and ABN/ACN
Business Information
- Product and service requirements
- Trade and import/export data
- Financial information for transactions
- Supply chain and logistics preferences
Technical Information
- IP addresses and device information
- Browser type and operating system
- Website usage and navigation patterns
- Cookies and similar tracking technologies
2.2 How We Collect Information
We collect personal information through:
- Direct interactions (forms, emails, phone calls, meetings)
- Our website and online services
- Business partnerships and referrals
- Public sources and industry databases
- Third-party service providers and partners
3. How We Use Information
We use personal information for the following purposes:
3.1 Service Delivery
- Providing cross-border trade and supply chain services
- Managing logistics and warehousing operations
- Facilitating OEM/ODM manufacturing processes
- Supporting live-streaming e-commerce activities
- Processing transactions and payments
3.2 Communication and Support
- Responding to inquiries and providing customer support
- Sending service updates and important notifications
- Providing industry insights and market intelligence
- Conducting business development activities
3.3 Legal and Compliance
- Complying with Australian and international trade regulations
- Meeting customs and import/export requirements
- Conducting due diligence and risk assessments
- Maintaining records for audit and legal purposes
3.4 Business Improvement
- Analyzing website usage and service performance
- Improving our services and customer experience
- Conducting market research and trend analysis
- Developing new products and services
5. International Data Transfers
As a cross-border trade company, we may transfer personal information internationally, including to:
5.1 China
We transfer personal information to China for:
- E-commerce platform operations and customer service
- Supply chain management and logistics coordination
- Manufacturing and OEM/ODM services
- Market research and business development
5.2 Other Countries
We may also transfer information to other countries where our service providers, partners, or business operations are located.
5.3 Transfer Safeguards
For international transfers, we implement appropriate safeguards including:
- Standard contractual clauses and data processing agreements
- Adequacy decisions where available
- Binding corporate rules for intra-group transfers
- Consent where required and appropriate
- Encryption and other technical security measures
6. Data Security
We implement comprehensive security measures to protect personal information:
6.1 Technical Safeguards
- Encryption of data in transit and at rest
- Secure cloud infrastructure and data centers
- Multi-factor authentication and access controls
- Regular security monitoring and threat detection
- Secure backup and disaster recovery procedures
6.2 Administrative Safeguards
- Staff training on privacy and security practices
- Background checks for personnel with data access
- Regular privacy and security audits
- Incident response and breach notification procedures
- Third-party security assessments and certifications
6.3 Physical Safeguards
- Secure office premises with access controls
- Locked storage for physical documents
- Secure destruction of sensitive materials
- Environmental controls in data storage areas
Data Breach Response
In the unlikely event of a data breach, we will promptly assess the situation, take appropriate remedial action, and notify affected individuals and relevant authorities as required by law.
7. Your Privacy Rights
You have the following rights regarding your personal information:
Access
Request access to your personal information we hold
Correction
Request correction of inaccurate or incomplete information
Deletion
Request deletion of your personal information (subject to legal requirements)
Portability
Request a copy of your data in a structured, machine-readable format
Objection
Object to certain uses of your personal information
Restriction
Request restriction of processing in certain circumstances
7.1 Exercising Your Rights
To exercise your privacy rights, please contact us using the details provided in Section 12. We will respond to your request within the timeframes required by applicable privacy laws (typically 30 days).
7.2 Complaints
If you have concerns about our privacy practices, you may:
- Contact our Privacy Officer directly
- Lodge a complaint with the Australian Information Commissioner (OAIC)
- Contact relevant data protection authorities in other jurisdictions
9. Data Retention
We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, subject to legal requirements:
9.1 Business Records
Client and transaction records: 7 years after completion of services (as required by Australian tax and business laws)
9.2 Marketing Information
Contact and marketing data: Until consent is withdrawn or the individual opts out
9.3 Website Data
Website analytics and cookies: As specified in our cookie policy (typically 1-2 years)
9.4 Legal Requirements
Some information may be retained longer to comply with legal, regulatory, or contractual obligations
10. Children's Privacy
Our services are designed for businesses and adults. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
Parents or guardians who believe their child has provided personal information to us should contact our Privacy Officer immediately.
11. Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:
- Post the updated policy on our website
- Update the "Last Updated" date at the top of this policy
- Notify affected individuals via email or other appropriate means when required by law
- Provide a summary of key changes where appropriate
We encourage you to review this policy regularly to stay informed about our privacy practices.
12. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Privacy Officer
XYX Holdings Pty Ltd
Email: privacy@xyxholdings.com.au
Phone: +61 (0) XXX XXX XXX
Address: Melbourne, Victoria, Australia
Response Times
We aim to respond to privacy inquiries within 5 business days and privacy requests within 30 days, as required by applicable privacy laws.
Regulatory Authorities
Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au