Privacy

Privacy Policy

Last updated: 18 May 2026

XEF Global Limited (“XEF Global”, "we", "us", "our") is committed to protecting the privacy of everyone who interacts with our website, our Academy, and our consulting services. This policy explains what personal information we collect, how we use it, who we share it with, how we protect it, and the rights you have in relation to it.

This policy applies to xefglobal.com and any other digital properties we operate, including the XEF Academy.

XEF Global is registered in New Zealand and operates internationally. Where you are located in a jurisdiction with specific data protection laws (including the United Kingdom, European Economic Area, United States, Australia, Singapore, and Canada), your local rights are described in this policy and apply alongside our obligations under the New Zealand Privacy Act 2020.

This policy is provided in English only. We do not currently offer translated versions.

1. Who we are

XEF Global is a New Zealand-registered company providing experience management consulting, certification, and published research through the Experience Ecosystem Framework™.

For the purposes of the EU and UK General Data Protection Regulation, XEF Global is the data controller for the information described in this policy.

If you have any questions about this policy or how we handle your information, contact us at: legal@xefglobal.com

2. Information we collect

We collect personal information in the following ways.

Information you provide to us directly. When you fill in a contact form, subscribe to our newsletter, register for an XEF Academy course, purchase a product, or otherwise interact with us, we collect the information you give us. This typically includes your name, email address, phone number, organisation, job title, and any other information you choose to share. For Academy registrations and product purchases, we also collect billing information.

Information collected automatically. When you visit our website, we automatically collect information about your device and how you use the site. This includes your IP address, browser type, device type, operating system, referral source, pages visited, and time spent on each page.

Information from cookies and similar technologies. We use cookies and similar technologies to operate the website, understand how it is used, and improve it over time. See Section 6 for details.

Information from third parties. If you interact with XEF Global through a third-party platform (for example, by signing up to our email newsletter, or completing a course), the platform may share certain information with us in accordance with its own privacy practices.

3. How we use your information

We use the information we collect for the following purposes.

To provide our services. This includes responding to your enquiries, delivering Academy courses, processing payments, issuing certifications, and providing customer support.

To communicate with you. This includes sending you email newsletters and updates that you have subscribed to, responding to your messages, and contacting you about products or services you have purchased.

To improve our website and services. This includes analysing how the website is used, identifying improvements, and developing new products and services.

To meet legal and regulatory obligations. This includes complying with applicable laws, responding to lawful requests from authorities, and protecting our legal rights.

4. Lawful basis for processing (GDPR and UK GDPR)

If you are located in the European Economic Area or the United Kingdom, the following lawful bases apply to our processing of your personal information.

Performance of a contract: Where processing is necessary to provide a service you have requested (such as delivering an Academy course you have registered for or processing a purchase).

Legitimate interests: Where processing is necessary for our legitimate business interests, such as understanding how our website is used, improving our services, and communicating with existing customers about related products. We balance these interests against your rights and freedoms.

Consent: Where you have explicitly consented to the processing, such as subscribing to our email newsletter or accepting non-essential cookies. You can withdraw consent at any time.

Legal obligation: Where we are required to process your information to comply with applicable laws.

5. Who we share your information with

We do not sell your personal information.

We share personal information with the following categories of third parties to operate our business.

Service providers we use to deliver our services:

  • MailerLite (email marketing and newsletter delivery)
  • Thinkific (XEF Academy learning platform)
  • Twilio Segment (data integration)
  • Mixpanel (website analytics)
  • Google Cloud / BigQuery (data warehousing)
  • Stripe (payment processing)

Each of these providers processes your information only in accordance with our instructions and their own published privacy practices.

Professional advisers, including lawyers, accountants, and auditors, where reasonably necessary for the operation of our business.

Regulators, authorities, and law enforcement where required by law or to protect our legal rights.

Other parties in the context of a corporate transaction, such as a potential buyer or investor, subject to appropriate confidentiality protections.

6. Cookies and similar technologies

Our website uses cookies and similar technologies for the following purposes.

Strictly necessary cookies: These are required for the website to function and cannot be switched off. They include cookies that maintain your session and remember your cookie preferences.

Analytics cookies: These help us understand how visitors use our site so we can improve it.

You can manage your cookie preferences through the consent banner displayed on your first visit, or through your browser settings at any time. Disabling certain cookies may affect how the website works.

7. International transfers of your information

XEF Global is based in New Zealand. Some of our service providers are located in other countries, including the United States and the European Union. When your information is transferred outside your country of residence, we take steps to ensure it remains protected to a standard consistent with the laws applying to you.

For transfers from the European Economic Area or United Kingdom, we rely on European Commission adequacy decisions where available, and on Standard Contractual Clauses or equivalent safeguards where adequacy decisions are not in place.

For transfers from other jurisdictions, we rely on the contractual and technical safeguards required by the relevant law.

8. How long we keep your information

We keep personal information for as long as necessary for the purposes for which it was collected, including for legal, accounting, or reporting obligations.

In general:

  • Marketing subscriber data is kept until you unsubscribe, after which we retain a minimal record to ensure we do not contact you again without consent.
  • Customer and Academy participant data is kept for the duration of the relationship and for a reasonable period afterwards, typically up to seven years to meet tax and accounting requirements.
  • Website analytics data is kept in aggregated form and retained for the period necessary for analysis.

9. Your rights

Depending on where you live, you have certain rights in relation to your personal information.

For everyone:

  • The right to access the personal information we hold about you.
  • The right to correct information that is inaccurate.
  • The right to ask us to delete information we no longer need.
  • The right to unsubscribe from marketing communications at any time, by using the unsubscribe link in our emails or by contacting us directly.

For individuals in the EEA and UK (under GDPR):

In addition to the rights above, you have the right to restrict or object to processing, the right to data portability, and the right to withdraw consent where consent is the lawful basis for processing.

For individuals in California (under CCPA/CPRA):

You have the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of any "sale" or "sharing" as those terms are defined under California law. XEF Global does not sell or share personal information for cross-context behavioural advertising purposes.

Our Website is designed to recognise and honour Global Privacy Control (GPC) signals.

For individuals in Australia (under the Privacy Act 1988):

You have rights under the Australian Privacy Principles, including the right to access and correct your personal information.

For individuals in Singapore (under the PDPA):

You have rights to access and correct your personal data and to withdraw consent for our processing.

For individuals in Canada (under PIPEDA):

You have rights to access and correct your personal information and to challenge our handling of it.

For individuals in New Zealand (under the Privacy Act 2020):

You have rights to access and correct your personal information held by us, in accordance with Information Privacy Principles 6 and 7.

To exercise any of these rights, contact us at legal@xefglobal.com. We will respond within the timeframe required by the law applying to you.

10. How we protect your information

We take reasonable technical and organisational measures to protect personal information from loss, misuse, unauthorised access, disclosure, or alteration. These measures include encryption in transit, access controls, and the use of reputable service providers with their own security standards.

No system can be guaranteed to be completely secure. If we become aware of a personal data breach affecting you, we will notify you and the relevant authorities in accordance with applicable law.

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk. If you post your personal information on a message board or chat room within our websites, you acknowledge and agree that the information you post is publicly available. If you follow a link on our website to another site, the owner of that site will have its own privacy policy, which we suggest you review before providing personal information.

11. Children's privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

12. Complaints

If you have a concern about how we have handled your personal information, please contact us first at legal@xefglobal.com so we can try to resolve it.

You also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction:

  • European Union: Your national data protection authority
  • Australia: Office of the Australian Information Commissioner (www.oaic.gov.au)
  • Canada: Office of the Privacy Commissioner of Canada (www.priv.gc.ca)
  • United States (California): California Attorney General (oag.ca.gov)

13. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this policy and, where appropriate, notify you directly.

14. Contact us

If you have any questions about this policy or how we handle your personal information, contact us at:

XEF Global: legal@xefglobal.com