The Information Plum Collects and How we use it.
If you are a candidate or employee using Plum
To get started with Plum, you will need to create an account and complete your profile. When you create an account at Plum.io, we collect the following information from you in order to:
- provide tailored career advice,
- provide employers assessments of your suitability for jobs, and
- assess our algorithm safety and compliance.
We do not sell this information or use it to create a profile for sale.
The basics
We collect your name and email. We use this to identify you.
Your Plum Talents.
You are asked to complete the Plum Discovery survey. The Discovery Survey is a carefully designed questionnaire that will be used to build a psychometric profile of your work-related behaviors, which we call your Plum Talents. You may choose not to complete the discovery survey, but this really is the core of your Plum experience. Without completing the survey, you will get little value from Plum.
Your Plum Talents will be used to:
- Provide you with insights and resources to help you with your career decisions; and
- If you are a candidate applying for a job, provide a score to enable the potential employer to assess your fit for one or more job opportunities; or
- If you are an employee,
- provide insights to your employer on how to develop your talents,
- provide a score to enable your employer to assess your fit for one or more internal job opportunities,
- provide a score to enable your employer to assess your leadership potential, and
- use your (de-identified) profile data as input to an organizational culture assessment
We provide the capability to share all or select portions of your Plum Talents on your social media.
Additional Details about You
You will be given the opportunity to provide additional details about yourself:
- The city is which you are located,
- Your LinkedIn Profile,
- Your employment status,
- Summary information about your work experience,
- Languages, and
- Your work preferences.
The information you provide here is made available to employers when you apply for a job opportunity or use Plum as part of your employers talent management program.
Plum uses this information to tailor the guidance provided to you.
None of this information is required
Demographics
You will be given the opportunity to provide demographic details:
- The year you we born
- The gender with which you identify
- Your race or ethnicity
- Your disability status
This information is used only by Plum and is not shared with employers. Plum uses this information to assess our matching algorithms for bias (adverse effects) and for compliance reporting.
Your activity on the Plum site
When you are logged into your account, we collect information about your activity within the Plum Platform to help us keep the platform secure and your information safe and to help us diagnose problems with the Platform. We also use this information to report aggregate statistics on Platform use. A log record will contain some or all of the following information:
- IP address
- Time and date of access
- Browser type and version used
- Network protocols used
- Unique user identifier
- User email
- Component accessed
- Action taken
Generally, user content is not collected in log records. The exception are database logs which include full details of each transaction.
Accommodation Requests
If you require an accommodation when completing the Plum Discovery Survey, a record of the accommodation including the nature of the accommodation will be kept. This information is used internally by Plum to report on compliance and to improve our platform and processes. It may also be used when assessing our algorithms for bias. This information will not be shared with employers without your explicit consent.
If you access Plum on behalf of an employer (bucket user) to access employer services.
Personal information collected in this context is limited to the following. We do not sell this information or use it to create a profile for sale.
The basics
We collect your name and email. We use this to identify you.
Your activity on the Plum site
When you are logged into your account, we collect information about your activity within the Plum Platform to help us keep the platform secure and your information safe and to help us diagnose problems with the Platform. We also use this information to report aggregate statistics on Platform use. A log record will contain some or all of the following information:
- IP address
- Time and date of access
- Browser type and version used
- Network protocols used
- Unique user identifier
- User email
- Component accessed
- Action taken
Generally, user content is not collected in log records. The exception are database logs which include full details of each transaction.
Marketing Collections
We collect personal information to promote our offerings.
When you visit our marketing websites (www.plum.io), we collect information about your visit using cookies and related technologies. We use this information to understand how our site is used, and with your consent to present you with advertisements tailored to your interests. Information captured by cookies may include:
- The pages you visit,
- The time you spend on each page,
- How you got to the site,
- And what you clicked on.
- Settings (e.g., language selection)
When you contact us directly or engage with us through our website and social media, we may collect the following personal information:
- First and last name,
- Contact information (e.g., email address, phone number, mailing address),
- Information about how, when, and where the interaction occurred,
- Content of conversations,
- The hardware and software you use to interact with us,
- Your device identifier,
- Your mobile network information,
- The settings you use on our services,
- Your network location,
- Your IP address, and
- Information about the webpages you visited prior to coming to our website.
We also collect personal information from third parties (see sub-processors). Such personal information may include your name, email address, employer, job title, location, and phone number.
Consent and Legal Basis for Processing
Plum relies solely on consent as the basis for its collection and use of personal information.
Account Information
Plum obtains your consent to collect your name, email and account activity data when you create an account on the Plum Platform. You can only withdraw this consent by requesting your account be deleted.
We may obtain your name and email address from your employer or potential employer. We will use this information to either contact you to create an account, to contact you to allow the employer access to your Plum Profile, or to provide a job assessment based on your Plum Profile.
Plum Profile
Consent to collect and use your Plum Profile (Plum Talents and Additional Details) and to collect Activity Logs is obtained explicitly from each user when they create an account on Plum. You may withdraw consent to use your additional details at any time by simply removing the data from your Plum Profile. You may withdraw your consent to retain and use your Plum Talents, by deleting your account.
If you are a candidate, consent to provide access to your Plum Profile to assess your fit for one or more job opportunities is obtained the first time you apply to a given employer. You may withdraw consent for access by an employer by writing to privacy@plum.io. Note, when you give an employer access to your Plum profile, you are consenting to their privacy practices related to the information they receive from Plum. So while you may withdraw consent for future use of your profile, you will need to contact the employer directly regarding past use.
If you are an employee, Plum processes data related to your Plum Profile, on behalf of your employer and use of your personal information is governed by your employer’s privacy practices. Consent to process the information collected and held by Plum is established with your employer. That said, Plum will request your consent to collect and share your information when you establish your account and will limit its service provision to your employer to the purposes described above. Note, if your employer has received your consent to share additional information, Plum will provision this information on instructions from the employer.
Marketing Information
We gain your consent to collect information via cookies whenever you visit any of our marketing sites from a new browser. You may change or withdraw your consent at any time by selecting Cookie Settings in the footer of any page.
We gain consent to collect contact information when you engage with us as part of the engagement. You may withdraw this consent by following the instructions received in any correspondence Plum sends you or by emailing privacy@plum.io.
Our partners who provide us with contact information have your direct or indirect consent to share such information. You may withdraw this consent by following the instructions received in any correspondence Plum sends you or by emailing privacy@plum.io.
Data Minimization
Plum integrates privacy into its product planning process. The privacy requirements of each feature are assessed, documented, and reviewed by our privacy team to ensure that personal information collected and used is necessary to deliver the feature.
Use, Retention, and Disclosure Limitation
Plum Profile
Plum considers your Plum Profile to be your information. As a candidate, you control all use and sharing of your information as described above. As it is your information you control its retention.
Plum Profile data is shared with only with your consent as described above.
Demographic data contained in your Plum Profile are not shared.
Log Information
Plum uses Log Information solely for the purposes of securing the Plum Platform and diagnosing and resolving problems with the Platform. This information is retained for a minimum of 12 months to a maximum of 24 months, unless a hold is placed in support of an investigation.
Log information is generally not shared, however, Plum may share log data with customers to support incident investigations. When doing so, Plum applies the principle of data minimization to ensure we share only what is necessary to support the investigation. In most cases this means data shared is de-identified or anonymized
Marketing Data
Marketing data is subject to a fine-grained retention regime. This regime is adjusted regularly and is designed to comply with laws and regulations, ensure validity of the data, and ensure continued validity of consent.
Marketing data may be shared with select sales and marketing partners.
Requests from Public Authorities
Should Plum receive a request from a Public Authority for access to personal information, Plum will support such requests only if required by law.
Data Subject Rights
Plum fully supports the right of data subjects in any jurisdiction, to access, correct, or delete their information. In many situations, data subjects can exercise these rights in the Plum Platform. Data subjects may also submit requests at privacy@plum.io or through help@plum.io.
Note, if you feel your Plum Talents do not represent you, you can amend these only by retaking the Discovery Survey. This can be done by selecting Retake Discovery Survey in the settings area of your account.
Information Protection
Technical Controls
Encryption
All personal information is encrypted at rest using AES 256 GCM and in transit using TLS 1.2 or higher
Access Control
Plum implements robust role-based access controls in the Plum Platform to ensure access to your personal information is limited to authorized personnel with a need to know.
Data Loss Prevention
Plum employees data loss protection on its email servers, file sharing, and endpoints to limit the risk that personal information is improperly disclosed.
Audit and Logging
Plum maintains detailed application and system logs so we can identify and investigate data breaches and other security incidents.
Monitoring
Both automated and manual monitoring of the system and logs is performed to identify potential breaches.
Subcontractor Management
All subcontractors are assessed and monitored to ensure their privacy practices do not expose your data.
Plum Platform Subcontractors
| Subcontractor | Role |
|
Amazon Web Services (US) |
Platform hosting and primary data store. |
|
ZenDesk (US) https://www.zendesk.com/company/agreements-and-terms/privacy-notice/ |
Application support messaging and ticket management |
|
Pendo.io (US) |
Front-end data logging and analysis |
|
Microsoft (Canada) |
Email and document management in support of operations |
|
Asana (US) |
Customer engagement management and secure file transfer. |
Marketing Subcontractors
| Subcontractor | Role |
|
Hubspot |
Website hosting and customer relationship management |
|
Google Analytics |
Web traffic analysis |
|
Google Ads |
Advertisement targeting |
|
|
Contact referrals |
|
Zoom Info |
Contact referrals, market nterest analysis |
|
Lusha https://www.lusha.com/legal/privacy-notice
|
Contact referrals |
|
Reveal |
Sales and marketing partnership management |
Operational Controls
Data Protection Officer
Privacy practices and operations are overseen by our Data Protection Officer
Bill Brierley
privacy@plum.io
or, write to
Plum.io Inc.
ATTN: Data Protection Office
151 Charles St. W. Suite 100
Kitchener, Ontario N2G 1H6
Canada
Training
All staff are trained on privacy protection annually.
Record Keeping
Application logs contain detail records of personal data access.
All interactions regarding data subject rights requests and their resolution are recorded.
Breach Notifications
Customers are notified within 48 hours of confirmation that a privacy breach is likely.
Data subjects are notified once, a data breach has been confirmed.