Legal

Privacy Policy

Ploomo Pty Ltd  ·  Last updated: June 2026

1. Introduction

Ploomo Pty Ltd (“Ploomo”, “we”, “us”, or “our”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, hold, and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy applies to personal information collected through our website at ploomo.io, through our hiring and people-services engagements, and in the course of our business operations. By using our website or engaging our services, you agree to the collection and use of information as described in this policy.

2. What personal information we collect

The personal information we collect depends on how you interact with us. This may include:

Website visitors and enquiries

  • Name and contact details (email address, phone number)
  • Company name and job title
  • Information provided when booking a meeting through our scheduling tool
  • Technical data such as IP address, browser type, and pages visited (collected automatically — see section 5)

Clients

  • Business contact details for individuals within client organisations
  • Information about roles, team structures, and hiring needs provided as part of a hiring engagement
  • Feedback and assessments provided during the hiring process

Candidates

  • Name, contact details, and professional background (CV, employment history, qualifications)
  • Assessment results, interview notes, and evaluation materials created as part of a Ploomo hiring process
  • Other information provided directly by candidates or with their consent during an assessment

We only collect sensitive information (such as demographic data) where you have given express consent or where required by law.

3. How we collect personal information

We collect personal information in the following ways:

  • Directly from you — when you book a meeting, submit an enquiry, or engage our services
  • From our clients — when we are engaged to run a hiring process and a client provides information about their team or roles
  • From candidates — when candidates participate in an assessment or hiring process run by Ploomo on behalf of a client, with their consent
  • Automatically — through cookies and similar technologies when you visit our website (see section 5)

4. Why we collect and use personal information

We collect and use personal information only for the purposes for which it was collected, or for related purposes you would reasonably expect. These include:

  • Responding to enquiries and providing information about our services
  • Delivering hiring and people-services engagements for our clients
  • Assessing candidates as part of a hiring process, with their knowledge and consent
  • Managing our client and business relationships
  • Sending relevant communications, updates, or direct marketing (where you have opted in or where permitted by law — see section 12)
  • Improving our website and services
  • Complying with our legal obligations

5. Cookies and website tracking

Our website uses cookies and similar tracking technologies to improve your experience and understand how visitors use the site. These include:

  • HubSpot — we use HubSpot for our meeting scheduling tool and marketing communications. HubSpot may set cookies to identify return visitors and track engagement with our website.
  • Functional cookies — used to remember your preferences and ensure the website works correctly.

You can control cookies through your browser settings. Disabling cookies may affect certain features of the website. Our use of cookies is a disclosure-based practice in accordance with the Australian Privacy Act — we do not rely on cookies to collect sensitive personal information.

6. Who we share your information with

We do not sell your personal information. We may share it with third parties in the following circumstances:

Service providers

We use trusted third-party service providers to operate our business. These providers are bound by confidentiality and data protection obligations. They include:

  • HubSpot (United States) — meeting scheduling and marketing communications
  • Supabase (United States) — database and authentication infrastructure
  • Vercel (United States) — website hosting and infrastructure

Clients

In the course of a hiring engagement, we share candidate information (such as assessments and profiles) with the relevant client. This is done with candidates' knowledge as part of the hiring process.

Legal requirements

We may disclose personal information where required to do so by law, regulation, or a valid request from a government authority.

7. Cross-border disclosure

Some of our service providers are located in the United States. By using our website or engaging our services, you acknowledge that your personal information may be transferred to and processed in the United States. We take reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles.

8. How long we keep your information

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Enquiry and meeting data — retained for as long as the business relationship is active or prospective, and for up to 2 years thereafter
  • Client engagement data — retained for the duration of the engagement and for 7 years thereafter, in accordance with standard Australian business record-keeping requirements
  • Candidate data — retained for the duration of the relevant hiring process and for up to 2 years thereafter, unless a longer retention period is requested by the candidate or required by law

When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.

9. Candidate data

Ploomo collects and processes personal information about candidates as part of hiring engagements conducted on behalf of our clients. Candidates are informed of this collection and provide consent before participating in any assessment or evaluation process.

Candidate information is used solely for the purposes of the relevant hiring process. It is shared with the client for whom the hiring process is being conducted, and is not used for any other commercial purpose or shared with any other third party without the candidate's consent.

Candidates may request access to, or correction of, their personal information held by Ploomo at any time by contacting us at the details in section 15.

10. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include access controls, encrypted data storage and transmission, and use of security-reviewed third-party infrastructure providers.

No method of transmission or storage is completely secure. If you have reason to believe your personal information held by us has been compromised, please contact us immediately.

11. Notifiable data breaches

We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). If we become aware of a data breach that is likely to result in serious harm to any individual whose information is involved, we will notify the affected individual(s) and the Office of the Australian Information Commissioner (OAIC) as required by law.

12. Direct marketing

We may use your contact details to send you information about our services or relevant updates where you have opted in or where permitted by the Spam Act 2003 (Cth) and the APPs. Every marketing communication we send includes an option to unsubscribe. You may also opt out at any time by contacting us at contact@ploomo.io.

13. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access — request access to the personal information we hold about you
  • Correction — request that we correct personal information that is inaccurate, out of date, incomplete, or misleading
  • Deletion — request that we delete your personal information where we no longer have a lawful basis to retain it
  • Complaints — lodge a complaint if you believe we have handled your personal information in a way that breaches the APPs

To exercise any of these rights, contact us at the details in section 15. We will respond within 30 days. In some circumstances we may be unable to provide access (for example, where disclosure would unreasonably impact the privacy of another individual), and we will explain why.

14. Complaints

If you have a complaint about how we have handled your personal information, please contact us first and we will investigate and respond within a reasonable timeframe (generally 30 days).

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

15. Contact us

For any privacy-related enquiries, requests, or complaints, please contact our Privacy Officer:

Ploomo Pty Ltd
11 Wilson St, South Yarra VIC 3141
Email: contact@ploomo.io

16. Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available at ploomo.io/privacy. We encourage you to review this policy periodically. Material changes will be communicated where we hold your contact details.