Privacy Policy
Capital Shield Australia Pty Ltd
Version 1.2
Effective Date: 30 September 2025
Last Reviewed: 30 September 2025
Next Review Due: 30 September 2026
1. OVERVIEW
Capital Shield Australia Pty Ltd is committed to protecting your privacy and ensuring the security of your personal information.
This policy outlines how we collect, use, store, and disclose personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). We recognise the importance of your privacy and take reasonable steps to ensure that personal information is handled in a lawful, transparent, and secure manner.
We provide crisis simulation services through our proprietary platform, Foresight, and related consulting activities. This policy applies to all personal information we handle, whether collected through our website, in the delivery of client projects, or during professional interactions.
A full copy of the Australian Privacy Principles can be obtained from the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
2. WHAT PERSONAL INFORMATION WE COLLECT
Personal Information is information or an opinion that identifies an individual.
Examples of personal information we may collect include:
- Names and contact details (email, phone, address)
- Professional titles, roles, or affiliations
- Details required for event registration or system access
- Communications you send to us (emails, feedback, or forms)
We do not collect or store sensitive information (as defined in the Privacy Act) such as health data, political opinions, or criminal history unless it is directly relevant to a contractual requirement and consent has been provided.
We do not adopt, use or disclose government-related identifiers as our own identifiers for individuals.
3. HOW WE COLLECT INFORMATION
We collect personal information in several ways, including:
- Directly from you (through correspondence, forms, or the Foresight platform)
- Through telephone, email, and online interactions
- From publicly available sources and publications
- From third parties with your consent
Where practical, we collect personal information only from you directly. If we receive personal information that we did not request, we will assess whether we could have lawfully collected it under the Privacy Act. If not, we will delete the information as soon as reasonably practicable, provided it is lawful and reasonable to do so.
We take reasonable steps to notify individuals at or before the time we collect personal information, such as through emails or onboarding procedures, by clearly explaining why the information is being collected, how it will be used, and who it may be shared with.
4. WHY WE COLLECT AND USE YOUR INFORMATION
We collect personal information for the following primary purposes:
- Providing and supporting Capital Shield’s services
- Delivering and administering simulation exercises
- Managing security, compliance, and business operations
- Communicating with clients and participants about upcoming activities
- Improving our platform, products, and user experience
We may use your personal information to send you updates or information we think may be of interest. You may opt out of these communications at any time using the unsubscribe option or by contacting us.
We will not use your personal information for any purpose unrelated to these activities unless you have consented or we are required or authorised by law to do so.
5. HOW WE USE ARTIFICIAL INTELLIGENCE
Capital Shield’s Foresight platform includes optional, AI-assisted tools that help our staff and clients design fictional training scenarios and communication injects.
No personal, sensitive, or identifying information is transmitted to these tools. AI functions are used solely to generate non-personal, fictional content (e.g., draft news articles or messages) under human supervision.
All AI-assisted outputs are subject to human review prior to use in any exercise. Where content is produced under a client licence, only authorised client personnel who have completed Capital Shield’s Foresight training may review and approve AI-generated material. This ensures compliance with the Australian Privacy Principles and the OAIC’s guidance on AI transparency and data protection.
6. WHERE YOUR DATA IS STORED
For our Australian customers, all data collected by Capital Shield is stored and processed within Australia. We do not transfer personal information overseas. For customers based elsewhere, these terms may differ as agreed upon by both parties.
7. HOW WE PROTECT YOUR INFORMATION
We maintain strict security safeguards to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
These include:
- Encryption of data at rest and in transit
- Multi-factor authentication
- Role-based access control
- Activity logging and secure deletion
- Options for deployment in sovereign cloud environments for government clients
Our systems are reviewed regularly and maintained to align with Australian Government cybersecurity standards (including the Protective Security Policy Framework and the ASD Essential Eight).
8. WHEN WE MAY SHARE YOUR INFORMATION
We do not sell, rent, or trade personal information. We may disclose personal information only in the following limited circumstances:
- To clients or partners where disclosure is necessary for contractual delivery
- To trusted service providers who assist us in operations (e.g., hosting or security monitoring) under strict agreements
- If required by Australian law or court order
All third-party providers must meet equivalent privacy and security standards.
9. ANONYMITY & PSEUDONYMITY
Where practical and lawful, individuals may engage with us anonymously or by using a pseudonym.
For example, when participating in a simulation, participants may use a designated role title rather than a personal name.
10. YOUR RIGHTS AND ACCESS
You have the right to access and correct personal information held about you. Requests should be submitted in writing to our Privacy Officer (details below).
Capital Shield will respond to all requests within a reasonable period and may require proof of identity. If we refuse access, we will provide written reasons as required by the Privacy Act.
11. HOW LONG WE KEEP YOUR INFORMATION
We will not keep your personal information for longer than we need to. In most cases, this means that we will only retain your personal information for the duration of your relationship with us unless we are required to retain your personal information to comply with applicable laws (for example, record-keeping obligations).
12. CROSS-BORDER DISCLOSURE
Capital Shield does not routinely disclose personal information outside Australia. Where cross-border processing is required, for example, when directed by a client or when using trusted cloud or AI service providers, we take reasonable steps to ensure that any overseas recipients are contractually bound to maintain privacy protections substantially equivalent to those under the Australian Privacy Principles. We only disclose personal information where it is necessary, lawful, and subject to appropriate privacy and security safeguards.
13. NOTIFIABLE DATA BREACHES
If a data breach occurs that is likely to cause serious harm, Capital Shield will:
- Promptly contain and investigate the incident
- Assess the potential impact
- Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches Scheme under the Privacy Act
We maintain a formal incident response plan and conduct regular testing of our procedures.
14. MAINTAINING THE QUALITY OF INFORMATION
We take reasonable steps to ensure that all personal information we hold is accurate, complete, and up to date. If you believe the information we hold is incorrect, please contact us, and we will update it as soon as practicable.
15. POLICY UPDATES
This Privacy Policy may be amended from time to time to reflect changes in legislation, technology, or our practices.
The most current version will always be available on our website at www.capitalshield.com.au/privacy.
16. CONTACT AND COMPLAINTS
If you have any questions, concerns, or complaints about how your personal information has been handled, please contact:
Privacy Officer
Capital Shield Australia Pty Ltd
Email: support@capitalshield.com.au
We take all complaints seriously and will respond within a reasonable timeframe.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
© 2025 Capital Shield Australia Pty Ltd. All rights reserved.