PRIVACY POLICY
1. About this policy
This privacy policy explains how Neoma Pty Ltd (ABN 18 687 659 196) collects, uses, and protects personal information. We provide workforce consulting services and employee reskilling programs to organisations across Australia.
Although Neoma is not legally required to comply with the Privacy Act 1988 (Cth), we have chosen to operate in accordance with the Australian Privacy Principles (APPs) because we believe it reflects good practice and builds trust with our clients and the individuals whose information we handle.
We have also voluntarily adopted the Notifiable Data Breaches scheme. If we experience a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner.
2. How we work with organisations and their employees
When an organisation engages Neoma to deliver reskilling programs or assessments, we act as a service provider to that organisation. The organisation remains responsible for their employees' data and directs how we use it.
This means:
• Employees interact directly with Neoma's platforms to complete assessments and training
• We collect and process employee data on behalf of the organisation, following their instructions
• If an employee wants to access, correct, or delete their personal information, they should contact their employer in the first instance. The employer will then work with us to action the request
3. Personal information we collect
For employees participating in our programs:
• Name and work email address
• Job title and department
• Skills assessment and aptitude test results
• Learning progress and completion records
• Performance information provided by line managers
For our enterprise clients and prospective clients:
• Contact details (name, email, phone number, job title)
• Organisation name and details
• Records of communications and meetings
For visitors to our website:
• Website usage data collected through Google Analytics (see section 9)
• Any information you provide through contact forms
4. Sensitive information (diversity data)
We may ask employees to voluntarily provide diversity information such as gender, ethnicity, or disability status. This information is classified as 'sensitive information' under Australian privacy law, and we treat it with additional care.
Why we collect it:
We use diversity data solely to analyse whether our assessments perform fairly across different groups. This helps us identify and address any unintended bias in our testing methodologies.
How we handle it:
• Providing this information is always optional
• We require explicit consent before collecting it
• While the data is linked to individuals during collection and analysis, we only report on it in anonymised, aggregate form
• Diversity data is never shared with the employing organisation in a way that identifies individuals
5. How we use personal information
We use personal information to:
• Deliver assessments, training, and reskilling programs
• Generate reports and analytics for our enterprise clients
• Monitor and improve the quality and fairness of our assessments
• Communicate with clients about our services
• Meet our legal and contractual obligations
• Improve our platforms and develop new services
Automated decision-making:
Our assessment platform uses automated scoring for objective questions (such as correct/incorrect answers). We do not use artificial intelligence to grade open-ended responses or make decisions about individuals' suitability for roles. Final decisions about employees remain with their employer.
6. Who we share information with
We share personal information with:
• The employing organisation: Assessment results, learning progress, and related reports are provided to the organisation that engaged us. We share information according to their instructions and our contractual arrangements.
• Service providers: We use third-party platforms to deliver our services (see section 7).
We do not sell personal information to third parties or use it for purposes unrelated to our services.
7. Third-party service providers
We use the following types of services to operate our business:
• Cloud infrastructure and database hosting (Supabase)
• Customer relationship management (Salesmate)
• Business intelligence and contact enrichment (Apollo.io)
• Communication and collaboration (Microsoft 365, Slack)
• Meeting notes and transcription (Granola.ai)
• Website analytics (Google Analytics)
These providers have their own privacy policies and security measures. We select providers that maintain appropriate data protection standards.
8. Overseas disclosure
Some of our service providers store or process data outside Australia, primarily in the United States. This includes our cloud infrastructure, CRM, and communication tools.
Before using overseas providers, we take reasonable steps to ensure they handle personal information in a manner consistent with the Australian Privacy Principles. This typically includes reviewing their security practices, data handling policies, and any relevant certifications.
9. Cookies and website analytics
Our website uses Google Analytics to understand how visitors use our site. This collects information such as:
• Pages visited and time spent on each page
• Referring websites
• Browser type and device information
• General location (city/country level)
This information is collected anonymously and used to improve our website. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.
10. Data security
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Our security measures include:
• Encryption of data in transit and at rest
• Access controls limiting who can view personal information
• Regular review of security practices
• Selection of service providers with appropriate security certifications
11. How long we keep information
We retain personal information only for as long as necessary for the purposes described in this policy, or as required by law. Our general retention periods are:
• Assessment results and learning records: Duration of our contract with the employing organisation, plus 2 years
• Performance information from managers: Duration of contract plus 2 years
• Client contact details: Duration of relationship, plus 2 years, or until consent for marketing is withdrawn
• Financial and contractual records: 7 years (as required by Australian tax law)
• Anonymised analytics data: Retained indefinitely (this is no longer personal information)
12. Accessing and correcting your information
If you are an employee who has used our platform:
Please contact your employer to request access to, correction of, or deletion of your personal information. Your employer will work with us to action your request in accordance with their policies and our contractual arrangements.
If you are an enterprise client or other individual:
You can contact us directly using the details below to request access to or correction of your personal information. We will respond within a reasonable timeframe, usually within 30 days.
13. Complaints
If you believe we have breached your privacy, please contact us using the details below. We will investigate your complaint and respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
14. Contact us
If you have any questions about this privacy policy or how we handle personal information, please contact us:
Neoma Pty Ltd
Email: contact@neoma.com.au
Address: Level 5, 100 Market Street, Sydney NSW 2000
15. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The current version will always be available on our website with the date of last update shown at the top.