Protecting Your Privacy
The Citadel Group Pty Limited (ACN 127 151 026) (Citadel) is committed to respecting your privacy. We are bound by the Australian Privacy Principles contained in the Privacy Act, and our Privacy Policy sets out how we collect, use, store and disclose your personal information.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us.

We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

Who is Citadel Group?
The Citadel Group Pty Limited (Citadel) is an Australian technology and software company specialising in secure enterprise information management. We provide secure information management to support national security, defence and other enterprises in Australia and overseas. 

What is Personal Information?
Personal information includes information or an opinion about an individual from which that individual is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information.

What Sort of Personal Information Might We Collect and Hold?
In its business operations, Citadel may collect information in order to provide services to you, your employer, or a person providing services to you. Depending on circumstances, the types of information we collect could include:

• your name, address, telephone number; 
• your email address;
• (depending on the service you are using), Your physical location;
• We may also collect technical data (Log Data) from your use of our technology assets (such as our software, website, mobile applications, and social media pages). We also use cookies to improve your use of our technology assets.

How Does Citadel Collect My Personal Information?
We may collect your personal information in a number of ways, including:

• directly from you through our technology assets, phone calls to our service desks, when you submit an application form or send us a CV, or when you download and use digital apps;
• from other parties (like your employer, personal representatives, credit reporting agencies, social media sites, and our related companies);
• from public sources, such as the internet;
• from organisations we list under “When do you disclose my personal information?” (see below);
• when we’re required to do so by law

If you don’t provide us with your personal information, we may be unable to provide you with our services, or your service provider may be unable to provide you with their services.

How Does Citadel Use My Personal Information?
We may hold, use and disclose your personal information as requested by, or consented to, by you to:

• provide services to you, your employer or your service provider;
• operate, protect, improve and optimise our website, services, business and our users’ experience, such as to perform analytics;
• send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
• provide you with information about new services provided by Citadel or its service providers that may be of interest or relevant to your practice or business;
• comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
• consider your employment application.

To Whom Might Citadel Disclose My Personal Information?
We may disclose your personal information to:

• our employees;
• third party suppliers and service providers (including providers for the operation of our cloud hosting services, websites and/or our business or in connection with providing our services to you);
• professional advisers, dealers and agents;
• payment systems operators (eg: merchants receiving card payments);;
• our existing or potential agents, business partners or partners;
• anyone to whom our assets or businesses (or any part of them) are transferred;
• specific third parties authorised by you to receive information held by us; and/or
• other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
• Sensitive Personal Information and Government Identifiers

Communications and Marketing
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.

Compliance with Laws
We may disclose your personal information in special situations where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring or interfering (intentionally or unintentionally) with our rights or property, users or anyone else who could be harmed by such activities.

We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.

Maintaining The Security of Your Information
We use a variety of physical and electronic security measures, including restricting physical access to our offices, network firewalls, maintaining secure databases and implementing access controls to keep personal information secure from misuse, interference and loss, and unauthorised access, modification or disclosure.

Citadel also monitors developments in security and encryption technologies as part of its continued data security efforts.

Will Citadel Transfer My Personal Information Outside Australia?
Citadel may hold your information on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

We may disclose your personal information overseas to our service providers who assist us in providing services to you or your employer. If we do so it will be for the purposes of providing services to our customers and our service providers will be contractually bound to use your information only for the purposes of which it is disclosed.

If you are located outside Australia and choose to provide information to us, please note that we transfer the information, including Personal Information, to Australia and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Additional Information for EU Residents
If you are a resident in the European Union, and have provided us with your personal information in order for us to provide you with a service, or to carry out an instruction (such as to register you as a shareholder in The Citadel Group Pty Limited), your personal information will be handled, used and disclosed in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles, and this Privacy Policy.

Are there Additional Rules for Applications?
When we create applications (apps), we make sure they’re developed in accordance with the Privacy Act, our Privacy Policy, and guidelines set by operating system providers such as Apple iOS, Google Android and Microsoft Windows. This includes any guidelines relating to privacy.

We’ll only ever collect, use and disclose personal information provided to us through your use of our apps in the ways set out in this Privacy Policy.

Some apps might collect information about your location. This can help us give you or your employer the right service in the right place. Your employer may mandate the use of location services, but if they don’t, we will give you the ability to turn off the location services setting on your mobile device. Just remember, this could result in Citadel being unable to provide you with the service you need.

Some Citadel apps may use interfaces, APIs and tools built into hardware you already own and use. Examples of these are voice-activated search functions using Apple’s Siri® Voice Recognition Software, Microsoft’s Cortana®, Amazon’s Alexa® and Google Home’s® functions. Your use of these interfaces is governed by the terms of use and Privacy Policies applied by their respective owners. Please read these carefully as Citadel does not control these elements of its service.

How Do Citadel Clients Manage My Personal Information?
Citadel specialises in providing secure cloud document management systems to enterprise clients, such as government agencies, and similar clients. When we do so, we may have access to your personal information at the request of the client, when we provide support to those clients. Those Citadel employees with this type of access are carefully controlled and all work under contractual obligations of confidentiality. If you wish to obtain more information about personal information that one of our clients holds in our infrastructure, you should contact them in the first instance.

Links to Other Sites?
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

How Can I Access or Correct My Personal Information?
We do everything we can to make sure your personal information is accurate and up to date. If you identify an error or want to know more about the personal information we hold about you, please contact us using the links below. We may have to verify your identity to make the correction or to provide the information we hold about you.

Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why.

How Do I Complain About My Personal Information?
We take your privacy seriously. If you have any concerns, or you think your personal information is inaccurate or has been handled in a way that doesn’t comply with the Australian Privacy Principles, please send an e-mail to privacy@thecitadelgroup.com.au. It will help us if you can provide as much detail as possible about your problem.

Once we receive your complaint, we will be in touch to let you know how long it might take us to investigate. Sometimes investigations can take up to 30 days. We will regularly update you as to the progress of your complaint. If you aren’t satisfied with our response, you may contact the Office of the Australian Information Commissioner.

What Happens if Citadel Changes This Policy?
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

Definitions
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Log Data is information your browser or an app sends us when you access our services or technology assets, and may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our services that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we may use third party services such as Google Analytics that collect, monitor and analyse this type of information in order to increase our Service’s functionality. These third party service providers have their own privacy policies addressing how they use such information. You should refer to these for further information.

Contact Us
If you wish to contact us regarding this Privacy Policy, please contact the Citadel Privacy Officer:

• by email at privacy@citadelgroup.com.au;
• by post at: The Privacy Officer, Citadel Group Limited, Level 46, 600 Bourke Street, Melbourne VIC 3000; or
• by telephone on +61 2 6124 0800. 

Effective date: 2 May 2023