We understand the value of your personal information, respect your right to privacy and are committed to maintaining your confidence and trust. This commitment includes:

  • providing clear and complete information to you regarding collection, use and disclosure of your data
  • obtaining your consent before collecting or using data provided either by you or by your iPhone, iPod or iPad touch (ie user, device and locational data)
  • collecting and using your data only as necessary in order to provide a service or function that is directly relevant to your use of Citicus MOCA or Citicus Barista
  • ceasing collection, use or disclosure if you revoke consent for our use of your data
  • protecting your data from unauthorized use, disclosure or access by third parties.

Collection, use and disclosure of your data

Our collection, use and disclosure of data relating to your use of Citicus MOCA is governed by Citicus MOCA's terms and conditions of use. These come into effect when you download Citicus MOCA and remain in effect until terminated by yourself or Citicus in accordance with the agreement; and are summarised below under the following headings:

  • Your consent
  • Data we may collect
  • How we use your data
  • How we protect your data
  • How you can cease or withdraw your consent.

Your consent

By sending completed criticality assessments to Citicus Barista for processing or by communicating to Citicus in connection with Citicus MOCA or Citicus Barista you consent to our storing and using the information you provide for the purposes and in the ways outlined below.

Data we may collect

Citicus may collect three classes of data from you in connection with Citicus MOCA or Citicus Barista:

  • Completed assessments: Citicus MOCA is designed to help you assess how critical individual assets are to your enterprise. The application will yield high-quality results when used as a free-standing application. If you choose to send completed assessments to Citicus Barista for processing, Citicus Barista will email additional results to you in PDF form, to an email address you supply. These results include a Criticality Status Report, a completed Criticality assessment form and Recorded notes and comments.
  • Feedback and service requests: If you communicate with us in connection with Citicus MOCA or Citicus Barista, we will record your email address, identity and the substance of your communication and our response(s) to you.
  • Website usage data: If you visit our public web site (www.citicus.com) or the web site supporting the Citicus Barista service, our web servers will automatically collect and aggregate information about your visit, including your IP address, service provider, browser type, domain names of referring websites, operating system, pages accessed on our website, and the date and time of your access.

How we use your data

We may and normally will use the data you provide as follows:

  • Criticality assessments you send to Citicus Barista for processing will be used solely for the purpose of compiling the results we send back to you in PDF form via email. Your data and results are entirely confidential to you. For continuity, we will store each completed assessment you send but it will be used for no other purpose than for providing your results. No information you provide will be viewed by us for any purpose other than diagnosing and remedying any problem that arises in producing them.
  • Feedback and service requests you send us will be recorded and used for the purpose of resolving queries and for prioritising fixes and enhancements. If we need additional information from you to respond to a service request, we will explain why we need the additional information and how it will be used at the time of the request and it will be used solely for that purpose.
  • Website usage data will be used solely for the purpose of optimising our websites.
  • Your name and email address may be used to provide you with tips or alerts regarding your use of our risk and compliance management solutions and for advising you of special offers, new services or products that are directly related to Citicus MOCA or Citicus Barista (for example, availability of new features, workarounds, or new products that extend our range of risk and compliance management software). No data you provide will be shared with third-parties.

How we protect your data

Any data you provide will be backed up overnight. Back-ups are encrypted and moved to a secure off-site storage facility periodically. If you choose to send completed assessments for processing by Citicus Barista, Citicus MOCA will transmit your data to Citicus Barista via a secure means of communication (HTTPS) and it will be processed entirely automatically in our secure processing facility with your results being returned to you by email which you can secure as follows:

  • you can enter a PDF encryption password into Citicus MOCA which will be passed to the remote processing service you select (either an instance of Citicus ONE licensed to your organisation or our Citicus Barista service) which will use it to encrypt your PDF results before they are emailed to you
  • you will be able to decrypt your PDF results on receipt using the cryptographic capabilities of WinZip or equivalent, subject to the availability of editions that can decrypt files encrypted in 256 bit AES in your country.

How you can revoke your consent

You can use Citicus MOCA to cease collection, use or disclosure of any data you have sent to Citicus Barista for processing by clicking the button labelled Delete all my data on the About my data screen presented by the application. This will cause all your data to be deleted. Your data will be re-deleted automatically in the event that a back-up containing your data is restored (eg to resume the Citicus Barista service after an unscheduled outage).

If you wish to opt out of receiving tips, alerts and advisory material from us via email, you can at any time request an opt out by emailing citicusmoca-feedback@citicus.com or by following the 'unsubscribe' instructions contained within a communication.