The Lexer Privacy Policy

We are Lexer Pty Ltd and its affiliate companies (that’s Lexer to you!). We like to say that privacy is our core business. We may like to be playful, but not when it comes to personal data. This Privacy Policy sets out how we collect, use, process and disclose information about you or other individuals whose information we hold. We also describe choices you have when it comes to your information.

When this Policy applies to you

If you are a Lexer client or user, potential job applicant, or just visiting one of our websites, this Privacy Policy applies to you.

Our responsibilities

If you are a visitor to our websites or a potential job applicant, we act as the “data controller” of personal data. In this case, we are the ones directly collecting personal information about you in accordance with this Privacy Policy.

For data held and managed on behalf of our clients using our services, we act as the “data processor” of personal data. In most cases, we did not actually collect personal information from you directly, but we manage it following the rules set out in this Privacy Policy.

Your responsibilities

  • Read this Privacy Policy
  • If you are our client, please also check the written terms of agreement between us: they may contain further details on how we collect and process your data
  • If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information to us, you confirm that you have the right to authorise us to process it on your behalf in accordance with this Privacy Policy
  • You should not use our services if you are under 18 years old

You may also be subject to third party privacy terms

Our Privacy Policy applies to our websites, products and services only. Our services often provide integrations with other third party platforms, such as Facebook, Instagram and other social media platforms, as well as other third party products and services (“Third Parties”). This means that other privacy terms may also apply to you. 

We do not take any responsibility for informing you of, or policing your compliance with any Third Party terms.

When and how we collect data

From the first moment you interact with us, we are collecting data. Sometimes you provide us with data, sometimes data about you is collected automatically.
Here’s when and how we do this:

Types of data we collect

We collect the following information when you use our services:

Contact details

Your name, email address, address, organisation or telephone number
More information

Account information

Details about your account with us, including payment information
More information

Logs, usage, and support data

Data that identifies you which might be specific to your device or other technical data, or which shows how you use the services
More information

Content from your use of the services or website

Details about how you use the services or website, including material you create or provide while using our services
More information

Surveys, events, and marketing information

Information you give us voluntarily in order to participate in surveys or events and other marketing activities
More information

Applying for employment

Information you give us when applying for a job with us
More information

Browsing our websites or making an online purchase

Data we collect about you when visiting our websites or making a purchase
More information


A cookie is a small file containing information specific to a user, passed through an internet protocol such as a web browser and stored on a device. We track cookies on our websites, but you can turn them off (although this may affect your browsing experience with us)
More information

What we don’t collect

Sensitive Data. We don’t collect any ‘sensitive data’ about you (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offences or alleged offences) except when we have your specific consent, or when we have to in order to comply with the law.
Children’s Data. We are a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not target our services to children, and we do not knowingly collect any personal data from any person under 16 years of age. In our contract with clients who use our services, our client must have a legal basis to collect such personal information before it is processed by us. This also applies to personal data from a person under 16 years of age. Any personal data from a person under 16 contained within our services will be processed as with any other personal data on this basis.

How and why we use your data

Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data:

Keeping Lexer running

Login and authentication, processing payments, account set up. Managing the performance, security and compliance of our services.
Legal Basis: Contract, Legitimate interest

Improving Lexer

Testing features, interacting with feedback platforms and questionnaires, managing landing pages, heat mapping our site, traffic optimisation and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this.
Legal basis for this data usage: Contract, Legitimate interest

Customer Support

Notifying you of any changes to our service, solving issues via live chat support, phone or email including any bug fixing.
Legal basis for this data usage: Contract, Legitimate interest

Marketing Purposes (with your consent)

Either on behalf of Lexer or our clients that use our services, sending you emails and messages about new features, products and services, and content. Creating audiences for marketing purposes via Third Party services.
Legal basis for this data usage: Consent
Read more

Where we send your information

We are an Australian company, but we work with and process data about individuals across the world. To operate our business, we may send your personal information outside of your state, province, or country, including to the United States. This data may be subject to the laws of the countries where we send it, and the terms of any agreement with our clients.

When we send your information across borders, we take steps to protect your information, and we try to only send your information to countries that have strong data protection laws.

Transfers outside of Europe, UK and Switzerland

If you are in Europe, the UK, or Switzerland, your personal information is transferred to our processing regions, being Australia or the United States (as requested by our client by contract). This information is protected by contractual commitments that are comparable to those provided in Standard Contractual Clauses.

Finally, while we do what we can to protect your information, we may at times be legally required to disclose your personal information (for example, if we receive a valid court order). 

Your privacy choices and rights

You can choose not to provide us with personal data

Read more

You can turn off cookies in your browser by changing its settings

Read more

You can ask us not to use your data for marketing

Read more

You have the right to access information we hold about you

Read more

You have the right to correct any inaccurate personal data about you

Read more

You can object to us using your data for profiling you or making automated decisions about you

Read more

You have the right to port your data to another service

Read more

You have the right to be ‘forgotten’ by us

Read more

You have the right to lodge a complaint regarding our use of your data

Read more

How secure is the data we collect?

We have physical, electronic, and managerial procedures to safeguard and secure the information we collect.

You can see more information about our security measures and policies here.

Where do we store the data?

The personal data we collect is processed in Australia and the United States and in any data processing facilities operated by the third parties identified below.

By submitting your personal data, you agree to this transfer, storing or processing by us. If we transfer or store your information outside of Australia or the United States, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy.

How long do we store your data?

For personal data processed by Lexer on behalf of our clients, we will delete your personal data within 30 days of our client terminating its services with us, or as agreed with our client by contract. 

For personal data which we collect directly from you (via our websites, chat functions or potential job applicants), we will delete this personal data on request by you, or otherwise hold it only for so long as is required for our legitimate interest, or for the period necessary to comply with our legal obligations to store specific types of records or information.

Third parties who process your data

We often use third parties to help host our services, communicate with clients, power our emails etc. We partner with third parties who are some of the best in their field at what they do.

When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy.

Changing this Privacy Policy

We try not to change our privacy policy too often, but sometimes we need to, for example, if the law changes or if we change the way we collect or use your information. When we change our privacy policy, we will put the updated version on our website straight away. We will also put a notice on our website when we make significant updates, so you will know this has happened.

This privacy policy was last reviewed on 25 March 2024 without material change.

California residents: “Shine the Light” law

California Civil Code Section 1798.83, also known as “Shine The Light” law, permits California residents to annually request information regarding the disclosure of your Personal Information (if any) to third parties for the third parties’ direct marketing purposes in the preceding calendar year. To make such a request of Lexer, please send an email to (you must be able to verify your identity). 

Please note that any requests in respect of Personal Information held on behalf of Lexer’s clients should be directed to Lexer’s client in the first instance.