Protecting Your Privacy
Who is The Citadel Group?
What is Personal Information?
Personal information includes information or an opinion about an individual from which that individual is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information.
What Sort of Personal Information Might We Collect and Hold?
In its business operations, Citadel may collect information in order to provide services to you, your employer, or a person providing services to you. Depending on circumstances, the types of information we collect could include:
- your name, address, telephone number;
- your email address or Medicare number;
- (depending on the service you are using), Your physical location;
- (if your healthcare professional uses our Virtual Rooms product), your medical information, including diagnoses and diagnostic test results.
How Does Citadel Collect My Personal Information?
We may collect your personal information in a number of ways, including:
- directly from you through our technology assets, phone calls to our service desks, when you submit an application form or send us a CV, or when you download and use digital apps;
- from other parties (like your treating healthcare professional, your employer, personal representatives, credit reporting agencies, social media sites, and our related companies);
- from public sources, such as the internet;
- from organisations we list under “When do you disclose my personal information?” (see below);
- when we’re required to do so by law
If you don’t provide us with your personal information, we may be unable to provide you with our services, or your service provider may be unable to provide you with their services.
How Does Citadel Use My Personal Information?
We may hold, use and disclose your personal information as requested by, or consented to, by you to:
- provide services to you, your employer or your service provider;
- operate, protect, improve and optimise our website, services, business and our users’ experience, such as to perform analytics;
- send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
- provide you with information about new services provided by Citadel or its service providers that may be of interest or relevant to your practice or business;
- comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
- consider your employment application.
To Whom Might Citadel Disclose My Personal Information?
We may disclose your personal information to:
- our employees;
- third party suppliers and service providers (including providers for the operation of our cloud hosting services, websites and/or our business or in connection with providing our services to you);
- professional advisers, dealers and agents;
- payment systems operators (eg: merchants receiving card payments);
- Medicare, Health Funds or other billing services;
- our existing or potential agents, business partners or partners;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
Sensitive Personal Information and Government Identifiers
Citadel only collects sensitive personal information in the form of health information where it is doing so in support of a healthcare professional that uses Citadel’s Virtual Rooms service to provide services to their clients.
In these circumstances, Citadel will only use that health information to enable the healthcare professional to provide their services. These services include administering the health professional’s appointments and processing payments to Medicare and any relevant health fund.
If we collect a Medicare number, we will use it in accordance with the Healthcare Identifiers Act 2010 (Cth).
Communications and Marketing
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.
Compliance with Laws
We may disclose your personal information in special situations where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring or interfering (intentionally or unintentionally) with our rights or property, users or anyone else who could be harmed by such activities.
We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
Maintaining The Security of Your Information
We use a variety of physical and electronic security measures, including restricting physical access to our offices, network firewalls, maintaining secure databases and implementing access controls to keep personal information secure from misuse, interference and loss, and unauthorised access, modification or disclosure.
Citadel also monitors developments in security and encryption technologies as part of its continued data security efforts.
Will Citadel Transfer My Personal Information Outside Australia?
Citadel may hold your information on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
We may disclose your personal information overseas to our service providers who assist us in providing services to you or your employer. If we do so it will be for the purposes of providing services to our customers and our service providers will be contractually bound to use your information only for the purposes of which it is disclosed.
Additional Information for EU Residents
Are there Additional Rules for Applications?
Some apps might collect information about your location. This can help us give you or your employer the right service in the right place. Your employer may mandate the use of location services, but if they don’t, we will give you the ability to turn off the location services setting on your mobile device. Just remember, this could result in Citadel being unable to provide you with the service you need.
How Do Citadel Clients Manage My Personal Information?
Citadel specialises in providing secure cloud document management systems to enterprise clients, such as government agencies, health service operators and similar clients. When we do so, we may have access to your personal information at the request of the client, when we provide support to those clients. Those Citadel employees with this type of access are carefully controlled and all work under contractual obligations of confidentiality. If you wish to obtain more information about personal information that one of our clients holds in our infrastructure, you should contact them in the first instance.
Links to Other Sites?
How Can I Access or Correct My Personal Information?
We do everything we can to make sure your personal information is accurate and up to date. If you identify an error or want to know more about the personal information we hold about you, please contact us using the links below. We may have to verify your identity to make the correction or to provide the information we hold about you.
Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why.
How Do I Complain About My Personal Information?
We take your privacy seriously. If you have any concerns, or you think your personal information is inaccurate or has been handled in a way that doesn’t comply with the Australian Privacy Principles, please send an e-mail to firstname.lastname@example.org. It will help us if you can provide as much detail as possible about your problem.
Once we receive your complaint, we will be in touch to let you know how long it might take us to investigate. Sometimes investigations can take up to 30 days. We will regularly update you as to the progress of your complaint. If you aren’t satisfied with our response, you may contact the Office of the Australian Information Commissioner.
What Happens if Citadel Changes This Policy?
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Log Data is information your browser or an app sends us when you access our services or technology assets, and may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our services that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Service’s functionality. These third party service providers have their own privacy policies addressing how they use such information. You should refer to these for further information.
- by email at email@example.com;
- by post at: The Privacy Officer, Citadel Group Limited, Level 19, 459 Collins Street, Melbourne VIC 3000; or
- by telephone on +61 2 6124 0800.
Effective date: 14 July 2019
To download a PDF version of this Policy please click here.