Privacy Policy

In this Privacy Policy, 'us' 'we' or 'our' means PLAYGROUND XYZ HOLDINGS PTY LTD (ABN 76 607 526 027) and our related bodies PLAYGROUND XYZ AUSTRALIA PTY LTD (ABN 42 607 532 365), PLAYGROUND XYZ IP PTY LTD (ABN 66 607 532 025), PLAYGROUND XYZ EMEA LTD (UK Company No. 10802474), PLAYGROUND XYZ ASIA PTE. LTD. (SG Registration No. 201809380E) and PLAYGROUND XYZ NORTH AMERICA CORP (EIN 36-4922580). We are committed to respecting your privacy.

In Australia, we are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act). For individuals located within the European Union, we also comply with the General Data Protection Regulation (EU) 2016/679 (GDPR). Our representative within the European Union is Playground XYZ EMEA Ltd (UK Company No 10802474) of 2nd Floor Waverley House, 7-12 Noel Street, London, United Kingdom, W1F 8GQ.

Our Privacy Policy sets outs out how we collect, use, process, store and disclose your personal information. Personal information includes information or an opinion about an identified individual or an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. Our Privacy Policy also uses the term 'personal information' to cover any information or data about identified or identifiable natural persons that is 'personal data' for the purposes of the GDPR.

We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

What personal information do we collect?

We may collect the following types of personal information:

We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:

Personal information relating to employees, applicants and contractors

In addition, when you apply for a job or position with us we may collect certain personal information from you (including your name, contact details, working history and relevant records checks) as part of the application process. We may also collect these types of information about you from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or to engage you under a contract.

If you are or have previously been employed by us in Australia, this Privacy Policy does not apply to our acts and practices in relation to employee records of our current and former employees in Australia, which are exempt from the Privacy Act. If you are an employee of ours in the European Union or if you are an individual contractor engaged by us, this Privacy Policy will still apply to you and our handling of personal information about you.  

Why do we collect, use, process and disclose personal information?

We will collect, hold, use, process and disclose your personal information for the purposes set out in the table below. If you are located within the European Union, the lawful basis for our collection, holding, use, processing and disclosure of your personal information is also set out in this table.

Purpose of collection, holding, use, processing and disclosure

Lawful basis

  • to enable you to access and use our website and/or services;

Your consent (if given to us)

Performance of a contract with you

  • to operate, protect, improve and optimise our website and services business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;

For our legitimate interests in operating our business efficiently and effectively

  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;

Your consent (if given to us)

Performance of a contract with you

  • to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;

Your consent (if given to us)

  • to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;

Your consent (if given to us)

For our legitimate interests in operating and promoting our business and rewarding the loyalty of our customers

  • To conduct eye-tracking market research and improve our eye-tracking technology;

Your consent (if given to us)

Performance of a contract with you

  • To conduct gaze inference research and improve our gaze inference technology

Your consent (if given to us)

Performance of a contract with you

  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and

Compliance with our legal obligations

For our legitimate interests in enforcing our contractual and legal rights

  • to consider your employment application.

Our legitimate interests

Performance of a contract

In order to take steps requested by you prior to considering whether to enter into an employment agreement with you

We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

Do we use your personal information for direct marketing?

We and/or our carefully selected business partners may send you direct marketing communications and information about our products and service if you have consented to receiving these communications. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act and in the UK the Privacy and Electronic Communications (EC Directive) Regulations 2003. You may opt-out of receiving marketing materials from us by contacting us using the contact method set out here - - or by using the opt-out facilities provided in the communication.

To whom do we disclose your personal information?

We may disclose personal information for the purposes described in this Privacy Policy to:

Disclosure of Australian personal information outside Australia

We may disclose personal information outside of Australia to cloud providers and software providers located outside of Australia, including the United Kingdom, Ireland, Singapore and the United States of America. When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with the Privacy Act. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles and in case of the United Kingdom will deal with such personal information in accordance with the GDPR.

Transfers of personal information of European individuals outside of the European Union

We may hold and disclose personal information about individuals located outside of the European Union. In particular, our Australian companies may receive personal information that was originally collected by or disclosed to our UK company. Personal information transferred by our UK company to our Australian companies will be undertaken in accordance with an intra-group data transfer agreement that implements standard data protection clauses as permitted under Article 46.2 of the GDPR.

In addition, we may disclose personal information to cloud providers (including Google and Amazon Web Services), software providers (Xero), our accountants (Hall Chadwick), financial advisors (Xake)  and our data partners (BrainyBot Pty Ltd and Kantar Millward Brown) that are located outside of, or may store personal information outside of, the European Union, including in Singapore, Australia and the United Kingdom. When we disclose personal information to these third parties, we do so:

Websites and cookies

We may collect personal information about you when you use and access our website or a publisher's website that we (or a third party acting on our behalf) is placing advertising on.

While we do not use browsing information to identify you personally, we may record certain information about your use of these websites, such as which pages you visit, the time and date of your visit and the internet protocol (IP) address assigned to your computer. We record your IP address in order to assist us to protect our systems from malicious activities, including denial of service attacks and brute force attempts to access our systems. We store IP addresses for this purpose for 30 days in order to detect and analyse previous attacks on our systems.

We (or a third party acting on our behalf) may also use 'cookies' or other similar tracking technologies on these website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. We (or a third party acting on our behalf) may use cookies to determine which advertisements to display to you on our website or a publisher's website that we (or a third party acting on our behalf) is placing advertising on. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act and GDPR. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

Storage of personal data

We will store your personal data for up to 5 years after we have completed providing our services to you (or to the business that employs or engages you as a contractor, if applicable). After this time:

  1. we will continue to store your personal data only to the extent required by any law applicable to our business or for compliance and risk management purposes; and
  2. we will delete or de-identify your personal data when it is no longer necessary or required to be kept.

If you are located in the European Union, we do not store images or videos of your face for any period of time; this information is processed locally on your own device and is not retained by us.


We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information.


Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Accessing or correcting your personal information

You can access the personal information we hold about you by contacting us using the contact information provided through the website or using the contact details set out below . Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact us using the details set out below and we will take reasonable steps to ensure that it is corrected.

Playground XYZ partners with AppNexus to deliver advertising content to website end users and may use cookies in conjunction with AppNexus for the purpose of targeted advertising. The AppNexus Consumer Data website ( will show website end users the segments that Playground XYZ and third party providers using the AppNexus platform have associated to your cookie or your mobile advertising ID and allow website end users to opt out of any segments.

Additional rights under GDPR for individuals within the European Union

If you are located within the European Union, then you also have the following additional rights under the GDPR. We will comply with all of our obligations under the GDPR in respect of these rights.

Where we process any personal information about you on the basis of any consent given by you, you have the right to withdraw your consent at any time by giving notice to us (which you can do using our contact details set out above). We will give effect to your withdrawal of consent promptly and will cease any processing that you no longer consent to, unless we have another lawful basis for that processing. The withdrawal of your consent will not affect the lawfulness of any processing that occurred prior to the date that you notified us that you were withdrawing your consent.

You have a right to information portability, which is the right in certain circumstances to request a copy of your personal information in a structured, commonly used and machine-readable format and to transmit this information to another data controller. You may also request that we erase any personal information that we hold about you which is no longer necessary for any of the purposes that we collected it for, which you have withdrawn your consent in respect of processing, which you are allowed under the GDPR to object to. We will comply with such requests unless we are permitted or required by law to retain that information.

You also have the right to object to our processing of personal information in certain circumstances, including where we process personal information based on our legitimate interests. You can also request that we restrict our processing activities in some circumstances. If you make such a request then we will continue to store your personal information but will not otherwise process your personal information without your consent or as otherwise permitted by law.

Making a complaint

If you think we have breached the Privacy Act (if you are located in Australia) or the GDPR (if you are located within the European Union), or you wish to make a complaint about the way we have handled your personal information, you can contact us at Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within the time required by law (if applicable) or otherwise within a reasonable period of time, typically within 30 days. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

Industry Involvement

Playground XYZ is involved with the following organisations:

Contact Us

For the purposes of the GDPR, our representative within the European Union is:

PLAYGROUND XYZ EMEA LTD (UK Company No 10802474)
2nd Floor Waverley House

7-12 Noel Street

London, W1F 8GQ

United Kingdom

As our core activities do not consist of processing operations that require regular and systematic monitoring of data subjects on a large scale, we are not required under GDPR to appoint a data protection officer.

For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

Scot Liddell - COO

Level 11, 61 York St, Sydney, 2000, Australia.

Effective: 30 June 2019