Privacy Policy

Effective date: 2 April 2026
Last updated: 2 April 2026

1. About This Policy

Platform Venture Partners Pty Ltd(ABN 74 643 475 076) (“Horizon Labs”, “we”, “us”, “our”) is committed to protecting the privacy of personal information we collect and handle.

This policy explains how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Notifiable Data Breaches (NDB) scheme, and, where applicable, the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

Horizon Labs is an Australian-based venture studio providing technology, product, and consulting services. We process personal information as both a data controller (for our own personnel, candidates, and business contacts) and, where engaged by clients, as a data processor on their behalf.

This policy is freely available to any individual upon request and is published on our website.

2. What Personal Information We Collect

“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not (Privacy Act 1988, section 6).

“Sensitive information” is a subset of personal information that includes health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, biometric data, and trade union membership. We only collect sensitive information where required by law or with your explicit consent.

Depending on your relationship with us, we may collect:

Employees, contractors, and candidates

Name, date of birth, gender, nationality, and contact details
Tax file number (TFN), superannuation, and bank account details for payroll
Employment history, qualifications, and professional references
Police check results (where required for specific client engagements)
Working rights documentation (visa status, passport details)
Performance, leave, and attendance records

Clients and business contacts

Contact details and organisational information
Project-related personal information provided by or on behalf of clients
Contractual and billing information

Website visitors

IP address and device identifiers
Browser type, operating system, and screen resolution
Cookies and similar tracking data (see Section 10)
Website usage data and analytics

3. How We Collect Information

Directly from you

Employment applications, onboarding forms, and contracts
Website contact forms, email, telephone, and video conferences
Face-to-face meetings

From third parties

Recruitment agencies and referees
Clients providing information about their personnel for project delivery
Background check providers (police checks, qualification verification)
Publicly available sources (professional networking sites, company registers)

Automatically

Cookies, analytics tools, and server logs when you visit our website (see Section 10)

Consent

We obtain consent for the collection of personal information through:

Signed employment agreements and contractor agreements
Website cookie consent banners and privacy notices
Verbal or written consent for specific collection purposes

You may withdraw consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

4. Why We Collect and Use Your Information

We collect and use personal information for the following purposes:

Employment administration, payroll, and workforce management
Recruitment and candidate assessment
Delivery of technology and consulting services to our clients
Managing client relationships and contractual obligations
Complying with legal and regulatory obligations (including taxation, employment law, and privacy law)
Security monitoring and incident response
Improving our services and website
Communicating with you about our services

Lawful basis for processing (GDPR)

Where GDPR applies, we process personal data on the following legal bases:

Contract: processing necessary for the performance of a contract (employment, service agreements).
Legal obligation: processing necessary to comply with applicable laws (taxation, employment, privacy).
Legitimate interests: processing necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include workforce management, service delivery, business development, and security. We conduct a balancing test before relying on this basis and document our assessment.
Consent: where we rely on consent, you have the right to withdraw it at any time.

5. Who We Share Your Information With

We may disclose personal information to the following categories of recipients:

Service providers who assist us in delivering our services (see Section 11).
Client organisations, where we provide services on their behalf and the disclosure is necessary for service delivery.
Legal and regulatory bodies, where required by law or to protect our legal rights (e.g., the Australian Taxation Office, the Office of the Australian Information Commissioner, courts, and tribunals).
Professional advisors, including lawyers, auditors, and insurers.

We do not sell personal information to third parties.

6. Cross-Border Disclosure

Horizon Labs is an Australian-based company. In the course of our operations, personal information may be disclosed to recipients located overseas, including in the Philippines, the United States, and other countries where our service providers operate.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient handles information in accordance with the Australian Privacy Principles. These steps include contractual arrangements, due diligence on the recipient’s privacy and security practices, and verification of relevant security certifications.

Horizon Labs remains accountable for the handling of personal information by its overseas recipients.

If you would like to know the specific countries to which your personal information may be disclosed, please contact us using the details in Section 17.

7. Direct Marketing

Horizon Labs does not currently use personal information for direct marketing purposes. If this changes in the future, we will update this policy and ensure that:

You are informed that your information may be used for direct marketing.
You can easily opt out of receiving direct marketing communications at any time.
We comply with the Spam Act 2003 (Cth).

If you are a subscriber to any Horizon Labs communications and wish to unsubscribe, you may do so by using the unsubscribe link provided in each communication or by contacting us using the details in Section 14.

8. Anonymity and Pseudonymity

You have the option of dealing with Horizon Labs anonymously or by pseudonym where it is lawful and practicable.

However, this may not always be possible. For example, we cannot process an employment application or provide services under a client agreement without verifying your identity. Where anonymity or pseudonymity is not practicable, we will explain why.

9. How We Protect Your Information

Horizon Labs takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure.

Our security measures include:

Encryption of data at rest and in transit (AES-256, TLS 1.2 or higher).
Multi-factor authentication (MFA) for all systems.
Role-based access controls and the principle of least privilege.
Endpoint detection and response on all company devices.
Regular security awareness training for all personnel.
Incident response procedures for security events and data breaches.
Regular review of access permissions and security controls.

10. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to improve your experience and to collect usage data.

What we use

Essential cookies: required for core website functionality (e.g., session management). These cannot be disabled.
Analytics cookies: used to understand how visitors interact with our website. These collect anonymised usage data including pages visited, time on site, and referral source.

Your choices

You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect core website functionality. Where we use analytics cookies, data is collected in aggregate and is not used to identify individuals.

11. Service Providers

We engage third-party service providers to assist in delivering our services. These providers may process personal information on our behalf in the following categories:

Identity and access management
Human resources and payroll administration
Cloud infrastructure and hosting
Email and workplace collaboration
Endpoint security and device management
Project management and work tracking
Security awareness and training
Password and credential management

All service providers are subject to contractual obligations regarding the handling of personal information, including data security requirements and restrictions on use and disclosure. We conduct due diligence on service providers before engagement and review arrangements periodically.

A detailed register of our current service providers is available on request by contacting us using the details in Section 17.

12. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When personal information is no longer needed, we destroy or de-identify it in accordance with the Australian Privacy Principles.

General retention periods:

Employee and contractor records: seven (7) years after the end of the employment or engagement relationship.
Candidate records (unsuccessful applicants): twelve (12) months.
Client and project records: in accordance with contractual requirements, or seven (7) years where no contract specifies.
Website analytics data: de-identified and retained for the purposes of trend analysis.

13. Your Rights

Access

You have the right to request access to the personal information we hold about you. We will respond to access requests within thirty (30) days. There is generally no charge for accessing your personal information, although we may charge a reasonable fee for administrative costs if a request is manifestly excessive or repeated.

Correction

You have the right to request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. There is no charge for requesting a correction. We will respond within thirty (30) days.

Erasure / Deletion

Under the GDPR (where applicable), you have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, you withdraw consent, or there is no overriding legitimate interest. Under the Privacy Act, we will destroy or de-identify personal information that is no longer needed in accordance with the Australian Privacy Principles.

Restriction of processing

Under the GDPR (where applicable), you may request restriction of processing in certain circumstances, including where you contest the accuracy of the data.

Data portability

Under the GDPR (where applicable), you have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to object

Under the GDPR (where applicable), you may object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, processing will cease immediately.

To exercise any of these rights, please contact us using the details in Section 17.

14. Automated Decision-Making

Horizon Labs does not currently use automated decision-making (including profiling) that produces legal effects or similarly significantly affects individuals.

We are aware of forthcoming Australian obligations regarding automated decision-making under forthcoming Privacy Act amendments (expected to take effect from December 2026). In preparation, we commit to:

Maintaining an inventory of any AI or automated systems that process personal information.
Conducting impact assessments before deploying any automated decision-making system that may significantly affect individuals.
Providing clear disclosure of any automated decision-making practices, including the logic involved and the envisaged consequences.
Ensuring individuals can request human review of any decision made solely by automated means.

15. Notifiable Data Breaches

Horizon Labs complies with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.

If we become aware of a data breach that is likely to result in serious harm to individuals, we will:

Complete an assessment within thirty (30) days (or sooner where practicable).
Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable.
Provide affected individuals with details of the breach, the kinds of information involved, and recommended steps they should take.

16. Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you may lodge a complaint with us.

How to complain

Our process

Acknowledgement: we will acknowledge your complaint within five (5) business days.
Investigation: your complaint will be investigated by a person with appropriate authority and independence.
Response: we will provide a written response within thirty (30) days, outlining the findings and any remedial actions taken.
Review: if you are not satisfied with the outcome, you may request a review by senior management.

External resolution

If you are not satisfied after our internal process, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Online: www.oaic.gov.au/privacy/privacy-complaints
Telephone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001

Where GDPR applies, individuals may also lodge a complaint with the relevant supervisory authority in the European Economic Area.

17. Contact Us

For privacy enquiries, access or correction requests, or complaints:

Privacy Officer
Platform Venture Partners Pty Ltd
Email: privacy@horizonlabs.au
Post: PO BOX 4077, Wishart, VIC 3189, Australia

18. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, applicable laws, or organisational structure. When we make material changes, we will update the “last updated” date at the top of this policy.

We encourage you to review this policy periodically.