Privacy Policy

Effective Date: 21 April 2026

Last Updated: 21 April 2026

1. About this Policy

PIOTICON Pty Ltd ("PIOTICON", "we", "our", "us") is a specialist Project Management and Control (PMC) consultancy operating across Australia and New Zealand. We handle personal information in line with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and where applicable, the New Zealand Privacy Act 2020.

This Policy explains what personal information we collect, why we collect it, how we use and protect it, and the choices you have. It applies to our website (pioticon.com), our services, our coaching and development programs, and any direct interaction with us.

By using our website or engaging our services, you accept this Policy. If you do not accept it, please do not use the website or share personal information with us.

2. Who this Policy Covers

• Visitors to our website
• Prospective clients, current clients, and their representatives
• Business partners, subcontractors, consultants, and suppliers
• Participants in our coaching, mentoring, and development programs
• Job applicants and recruitment contacts
• Anyone who contacts us, subscribes to our content, or attends our events

3. Information We Collect

3.1 Information you give us directly

Name, job title, employer, email, phone number, postal address, project or service requirements, enquiry content, event registration details, payment and billing details, and anything else you choose to share.

3.2 Information collected through our website

IP address, device type, operating system, browser type, referring URL, pages visited, time spent on pages, and interaction data. We collect this through cookies and similar technologies. See Section 7 for details.

3.3 Client project and operational information

When delivering PMC services, we work with project schedules, cost data, risk registers, governance records, performance data, reports, correspondence, and meeting outputs. Some of this contains personal information about your staff or third parties.

3.4 Coaching, mentoring, and development information

For program participants we may collect qualifications, role history, self-assessments, coaching notes, progress records, attendance, and feedback.

3.5 Recruitment information

For applicants, this includes resumes, qualifications, references, work history, right-to-work documentation, and interview notes.

3.6 Sensitive information

We do not actively seek sensitive information (as defined in the Privacy Act). If we need to collect it (for example, accessibility requirements for an event), we will only do so with your consent and for a clearly stated purpose.

4. Why We Collect and How We Use It

We use personal information for the following purposes:

• Service delivery. Scoping, contracting, and delivering PMC, coaching, and digital solutions engagements.
• Communication. Responding to enquiries, providing updates, and managing project communication.
• Business operations. Invoicing, account management, internal reporting, and supplier coordination.
• Coaching and development. Designing, delivering, and improving programs and tracking participant progress.
• Marketing and content. Sending newsletters, case studies, and event invitations where you have opted in or where permitted under the Spam Act 2003 (Cth). You can opt out at any time using the unsubscribe link in any message.
• Recruitment. Assessing applicants and managing the hiring process.
• Security, compliance, and legal. Protecting our systems, meeting legal and contractual obligations, and resolving disputes.
• Service improvement. Understanding how our website and services are used so we can improve them.

We will only use personal information for the purpose it was collected for, a directly related purpose you would reasonably expect, or a purpose you have consented to.

5. Use of Artificial Intelligence

We use AI tools, including large language models, to assist with research, drafting, analysis, design, and internal productivity. Where personal information is processed by these tools, we apply the following standards:

• We use enterprise or business-tier AI services with data processing terms that prohibit training on our inputs.
• We do not use AI to make decisions that have a legal or similarly significant effect on individuals without human review.
• We avoid putting client confidential or personal information into AI tools unless covered by our service agreement and the tool's data terms.

If our use of AI changes in a way that affects how personal information is handled, we will update this Policy.

6. Disclosure of Personal Information

We do not sell personal information. We may share it with:

• Our staff and contractors who need it to deliver services.
• Clients and project partners where it is needed for the engagement (for example, sharing a CV during a tender).
• Service providers including cloud hosting, email, CRM, accounting, marketing platforms, and AI service providers.
• Professional advisers such as lawyers, accountants, and insurers.
• Regulators, courts, and law enforcement where required or permitted by law.
• Successors in the event of a business sale, merger, or restructure.

We require our service providers and partners to handle personal information consistently with this Policy and applicable law.

7. Cookies and Tracking

Our website uses cookies and similar technologies for:

• Essential functions (site navigation, security)
• Analytics (understanding how visitors use the site, for example through Google Analytics)
• Performance and preferences (remembering your settings)

You can disable cookies through your browser settings. Disabling essential cookies may affect site functionality. Where required, we will request your consent for non-essential cookies through a cookie banner.

8. Confidentiality of Client Information

We treat client project data as confidential. Access is limited to the team members delivering the engagement. We use non-disclosure agreements with staff, contractors, and partners. Engagement-specific confidentiality terms in your service agreement override this Policy where stricter.

9. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our measures include:

• Access controls and role-based permissions
• Encryption of data in transit
• Multi-factor authentication on key systems
• Vendor due diligence for cloud and software providers
• Staff training on data handling and confidentiality
• Incident response procedures aligned with the Notifiable Data Breaches scheme

No system is fully secure. If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.

10. Data Retention

We keep personal information only for as long as we need it for the purpose it was collected, or as required by law. As a guide:

• Client project records: typically 7 years after engagement closure, in line with tax, professional indemnity, and contractual requirements.
• Marketing contacts: until you unsubscribe or we determine the contact is inactive.
• Recruitment information for unsuccessful applicants: typically 12 months, unless you ask us to keep it longer for future opportunities.
• Website analytics: as defined by the analytics provider's retention settings.

When we no longer need personal information, we destroy or de-identify it.

11. International Data Transfers

We are based in Australia and New Zealand. Some of our service providers (including cloud, email, AI, CRM, and analytics platforms) store or process data in other jurisdictions, including the United States and the European Union. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles it consistently with the APPs, or we rely on a permitted exception under APP 8.

12. Your Rights

You have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate or out-of-date information
• Request deletion of your information, subject to legal and contractual retention requirements
• Withdraw consent or opt out of marketing communications at any time
• Make a complaint about how we have handled your personal information

To exercise any of these rights, contact us using the details in Section 16. We will respond within a reasonable time, generally within 30 days.

13. Complaints

If you believe we have breached the Privacy Act or the APPs, please contact us first using the details in Section 16. We will investigate and respond.

If you are not satisfied with our response, you can lodge a complaint with:

Australia: Office of the Australian Information Commissioner (OAIC), oaic.gov.au, 1300 363 992

New Zealand: Office of the Privacy Commissioner, privacy.org.nz, 0800 803 909

14. Third-Party Links

Our website may link to external sites. We are not responsible for the privacy practices or content of those sites. Review their privacy policies before sharing information.

15. Children's Privacy

Our services are directed at businesses and professionals. We do not knowingly collect personal information from anyone under 18. If we become aware we have collected such information without appropriate consent, we will delete it.

16. Contact Us

PIOTICON Pty Ltd

Email: info@pioticon.com

Phone: +61 432 973 899

Address: Level 6, 320 Adelaide Street, Brisbane QLD 4000, Australia

For privacy-related queries, please use the subject line "Privacy Enquiry".

17. Changes to this Policy

We may update this Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated version on our website with a new "Last Updated" date. Material changes will be highlighted on our homepage or notified by email where appropriate.