Privacy Notice for California Residents

Effective Date: May 11, 2026

This Privacy Notice for California Residents (“Privacy Notice”) supplements the information contained in Citadel’s Privacy Policy and provides California residents with specific rights with respect to our collection, retention, and use of Personal Information collected when you visit or access www.citadel.com or www.citadelsecurities.com, any of our other websites where this Privacy Notice is posted, or our iOS and Android apps (collectively the “Platforms”) or otherwise interact with us online. It applies to California residents who visit, access, or register with the Platforms, apply for a job with us, receive newsletters or other marketing communications issued by or on behalf of Citadel, or engage with us to use the services that Citadel provides (collectively the “Services”) except as otherwise contractually agreed.

.Any terms not defined in this section have the same meaning as defined in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”).

Please also see our California Privacy Notice at Collection for details regarding our collection and use of your Personal Information. If you are not a resident of California, please see our Privacy Policy for information applicable to you.

A PDF copy of this Privacy Policy is available for printing here.

A. Personal Information We Collect, Use, Disclose, Share, or Sell

Categories of Personal Information We Collect, Categories of Sources of Personal Information, Business or Commercial Purposes for Which Personal Information Will Be Used, and Third Parties with Whom Personal Information is Disclosed

In the course of our business, we collect information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”). Depending on how you interacted with us, we may have collected the following categories of Personal Information from you in the last twelve (12) months, which we may also share with third parties for the purposes outlined in this Privacy Notice. The categories below are those identified in the CCPA.

Please note that:

  • We do not collect every type of Personal Information identified in the table below from every consumer. The types of Personal Information we collect consumer depends on how the consumer has interacted with us and the purpose of those interactions. For example, the Personal Information collected on a consumer who visits the website may differ from the information collected on an applicant for employment or someone who engages with us to use our Services.
  • We do not sell your Personal Information for monetary consideration or as that term is traditionally defined. However, we do share your Personal Information as outlined below, including with marketing or advertising activities or analytics tools service providers. You have the right to opt-out of the sharing of Personal Information for certain purposes. For more information or to exercise your rights please see the below section, Your Right to Opt-Out of Sale or Sharing.
Category of Personal Information Collected Types of Personal Information Collected Business or Commercial Purposes for Collection and Use Is Personal Information Sold or Shared?
Identifiers Name, postal address, unique personal identifiers, online identifiers, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Under the CCPA, “unique identifier” or “unique personal identifier” means a persistent identifier that can be used to recognize a consumer or a device that is linked to a consumer, over time and across different services, such as an IP address or customer number.
  • To deliver Citadel’s Services to you;
  • For your participation in certain of our programs;
  • To enhance your online experience, including as a way to recognize you and welcome you to the Platforms;
  • To develop new products or Services and to conduct analysis to enhance current products and Services;
  • To analyze your use of and interaction with our Platforms;
  • To review the usage and operations of our Platforms and improve our content, products, and Services;
  • To recognize your online activities over time and across different websites, apps, and devices;
  • To provide you with customized content on our Platforms or via email, telephone, text message, mail, or other marketing channels;
  • To contact you with information, newsletters, and promotional materials from Citadel or on behalf of our business partners, licensees, and affiliates;
  • To serve ads through third-party services (including social media platforms) that are targeted to reach people on those services who are identified in our databases;
  • For recruiting, position advertising, talent management, and employment purposes, including assessment, selection, or conclusion of an employment offer, inclusion in our recruitment database for possible future employment opportunities (with your consent where required), and to comply with our legal and regulatory obligations in relation to recruitment;
  • To contact you when necessary by email, phone, text message, mail, or in-app direct message;
  • To use your data in an aggregated, anonymous, non-specific format for analytical purposes;
  • To address problems with the Services or our business;
  • To protect the security or integrity of the Platforms and our business, such as by protecting against and preventing fraud, unauthorized transactions, claims, and other liabilities and by managing risk exposure, including by identifying potential malicious or unauthorized users or uses; and
  • As otherwise described to you at the point of data collection.
 Yes
Geolocation Data This category may include physical location, such as if you share the information with us at an event. Yes
Sensory Data This category may include audio, electronic, visual, or similar information, such as from the use of security cameras. No
Internet or Other Electronic Activity Information This category may include browsing history, search history, and information regarding interactions with a website, application, or advertisement. Citadel makes reasonable efforts to respect Do Not Track settings in browsers. Yes
Professional or Employment-Related Information This category may include current or past job history or performance. Yes
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) and protected classification characteristics under California or federal law This category may include name, signature, Social Security number, physical characteristics, address, phone number, passport number, driver’s license or state ID card number, insurance policy number, education or employment information, financial account numbers, medical information, health insurance information, age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex and gender information, veteran or military status, or genetic information. Yes
Sensitive Personal Information Social Security, driver’s license, state ID card, or passport number; a consumer’s account log-in, financial account number, password, or credentials allowing access to an account; a consumer’s precise geolocation; a consumer’s racial or ethnic origin, religious or philosophical beliefs, sexual orientation, or union membership; or the contents of a consumer’s mail, email, and other electronic messages where our business is not the intended recipient of the communication
  • To deliver Citadel’s Services to you;
  • For your participation in certain of our programs;
  • To enhance your online experience, including as a way to recognize you and welcome you to the Platforms;
  • To develop new products or Services and to conduct analysis to enhance current products and Services;
  • To analyze your use of and interaction with our Platforms;
  • To review the usage and operations of our Platforms and improve our content, products, and Services;
  • To use your data in an aggregated, anonymous, non-specific format for analytical purposes;
  • To protect the security or integrity of the Platforms and our business, such as by protecting against and preventing fraud, unauthorized transactions, claims, and other liabilities and by managing risk exposure, including by identifying potential malicious or unauthorized users or uses; and
  • As otherwise described to you at the point of data collection.
 Yes
Commercial Information Records of services obtained, considered, or provided.
  • To deliver Citadel’s Services to you;
  • For your participation in certain of our programs;
  • To enhance your online experience, including as a way to recognize you and welcome you to the Platforms;
  • To develop new products or Services and to conduct analysis to enhance current products and Services;
  • To analyze your use of and interaction with our Platforms;
  • To review the usage and operations of our Platforms and improve our content, products, and Services;
  • To provide you with customized content on our Platforms or via email, telephone, text message, mail, or other marketing channels;
  • To serve ads through third-party services (including social media platforms) that are targeted to reach people on those services who are identified in our databases;
  • To use your data in an aggregated, anonymous, non-specific format for analytical purposes;
  • To address problems with the Services or our business;
  • To protect the security or integrity of the Platforms and our business, such as by protecting against and preventing fraud, unauthorized transactions, claims, and other liabilities and by managing risk exposure, including by identifying potential malicious or unauthorized users or uses; and
  • As otherwise described to you at the point of data collection.
 Yes
Biometric Information This category may include imagery of the face, from which an identifier template, like a face print, can be extracted.
  • To protect the security or integrity of the Platforms and our business, such as by protecting against and preventing fraud, unauthorized transactions, claims, and other liabilities and by managing risk exposure, including by identifying potential malicious or unauthorized users or uses;
  • For identification purposes, including to prevent against any physical threats or harms; and
  • As otherwise described to you at the point of data collection.
 Yes
Non-public Education Information This category may include education records directly related to a student maintained by an educational institution or party acting on its behalf (e.g., grades, transcripts, and student ID numbers).
  • To deliver Citadel’s Services to you;
  • For your participation in certain of our programs;
  • To enhance your online experience, including as a way to recognize you and welcome you to the Platforms;
  • To develop new products or Services and to conduct analysis to enhance current products and Services;
  • To review the usage and operations of our Platforms and improve our content, products, and Services;
  • To recognize your online activities over time and across different websites, apps, and devices;
  • To provide you with customized content on our Platforms or via email, telephone, text message, mail, or other marketing channels;
  • To contact you with information, newsletters, and promotional materials from Citadel or on behalf of our business partners, licensees, and affiliates;
  • To serve ads through third-party services (including social media platforms) that are targeted to reach people on those services who are identified in our databases;
  • For recruiting, position advertising, talent management, and employment purposes, including assessment, selection, or conclusion of an employment offer, inclusion in our recruitment database for possible future employment opportunities (with your consent where required), and to comply with our legal and regulatory obligations in relation to recruitment;
  • To contact you when necessary by email, phone, text message, mail, or in-app direct message;
  • To use your data in an aggregated, anonymous, non-specific format for analytical purposes;
  • To address problems with the Services or our business;
  • To protect the security or integrity of the Platforms and our business, such as by protecting against and preventing fraud, unauthorized transactions, claims, and other liabilities and by managing risk exposure, including by identifying potential malicious or unauthorized users or uses; and
  • As otherwise described to you at the point of data collection.
 Yes
Inferences from Other Personal Information This category may include inferences drawn from the above information that may reflect your preferences, characteristics, predispositions, behavior, interests, attitudes, or similar behavioral information.
  • To deliver Citadel’s Services to you;
  • For your participation in certain of our programs;
  • To enhance your online experience, including as a way to recognize you and welcome you to the Platforms;
  • To develop new products or Services and to conduct analysis to enhance current products and Services;
  • To analyze your use of and interaction with our Platforms;
  • To review the usage and operations of our Platforms and improve our content, products, and Services;
  • To recognize your online activities over time and across different websites, apps, and devices;
  • To provide you with customized content on our Platforms or via email, telephone, text message, mail, or other marketing channels;
  • To contact you with information, newsletters, and promotional materials from Citadel or on behalf of our business partners, licensees, and affiliates;
  • To serve ads through third-party services (including social media platforms) that are targeted to reach people on those services who are identified in our databases;
  • For recruiting, position advertising, talent management, and employment purposes, including assessment, selection, or conclusion of an employment offer, inclusion in our recruitment database for possible future employment opportunities (with your consent where required), and to comply with our legal and regulatory obligations in relation to recruitment;
  • To contact you when necessary by email, phone, text message, mail, or in-app direct message;
  • To use your data in an aggregated, anonymous, non-specific format for analytical purposes;
  • To address problems with the Services or our business;
  • To protect the security or integrity of the Platforms and our business, such as by protecting against and preventing fraud, unauthorized transactions, claims, and other liabilities and by managing risk exposure, including by identifying potential malicious or unauthorized users or uses; and
  • As otherwise described to you at the point of data collection.
 Yes

 

B. Retention of Personal Information

We will only retain the categories of Personal Information described above for as long as is needed to fulfil the purposes for which it was collected. For example, we may require it for our business purposes, to perform our contractual obligations, or where law or regulation obliges us to do so. We will generally retain your Personal Information throughout the lifecycle of your relationship with us. Some Personal Information will be retained after your relationship with us ends.  We expect to delete your Personal Information (at the latest) once there is no longer any local, state, federal, and other legal requirement or legitimate business purpose for retaining your Personal Information.

C. Our Use, Sharing, and Sale of Personal Information.

Over the last twelve (12) months, Citadel did not sell Personal Information. However, we may have shared your Personal Information in the following ways:

Category of Personal Information Shared or Sold Categories of Third Parties to Which Personal Information is Shared or Sold Business or Commercial Purposes
Identifiers
  • With our affiliated companies;
  • With our third party service providers that provide business, professional, or technical support functions for us;
  • As necessary if we believe that there has been a violation of our Terms of Use or of our rights or the rights of any third party;
  • To respond to judicial process or provide information to law enforcement or regulatory agencies or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law; and
  • As otherwise described to you at the point of collection.
 We may use or disclose the Personal Information we collect for the purposes described in the “Purpose for Personal Data Collection, Use, and Disclosure” Section in Citadel’s Privacy Policy.
Sensitive Personal Information
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) and Protected Classification Characteristics under California or federal law
Commercial Information
Internet or Other Similar Activity
Geolocation Data
Biometric Information
Professional or Employment-Related Information (for prospective employees, contractors, or consultants)
Non-Public Education Information (for prospective employees, contractors, or consultants)
Inferences Draft from Other Personal Information

 

D. Our Use and Disclosure of Sensitive Personal Information

Under the CCPA, you have the right to limit our use or disclosure of Sensitive Personal Information. Currently, we are not using your Sensitive Personal Information for purposes that would require that we provide you with a right to limit our use or disclosure because we only use your Sensitive Personal Information in the following ways:

‎(1) To perform the services or provide the goods reasonably expected by an average ‎consumer who requests those goods or services. ‎
‎(2) To prevent, detect, and investigate security incidents that compromise the availability, ‎authenticity, integrity, and/or confidentiality of stored or transmitted Personal ‎Information, provided that the use of your Personal Information is reasonably ‎necessary and proportionate for this purpose. ‎
‎(3) To resist malicious, deceptive, fraudulent, or illegal actions directed at the business ‎and to prosecute those responsible for those actions, provided that the use of your Personal Information is reasonably necessary and proportionate for this ‎purpose. ‎
‎(4) To ensure the physical safety of natural persons, provided that the use of your Personal Information is reasonably necessary and proportionate for this ‎purpose.
‎(5) For short-term, transient use, including, but not limited to, nonpersonalized ‎advertising shown as part of your current interaction with us, provided ‎that the Personal Information is not disclosed to another third party and is not used to ‎build a profile about you or otherwise alter your experience outside ‎the current interaction with us.
‎(6) To perform services on our behalf, provided that the use of your Personal Information is reasonably necessary and proportionate for this purpose.
‎(7) To verify or maintain the quality or safety of a product, service, or device that is ‎owned, manufactured, manufactured for, or controlled by us, and to improve, ‎upgrade, or enhance the service or device that is owned, manufactured by, manufactured ‎for, or controlled by us, provided that the use of your Personal Information is reasonably necessary and proportionate for this purpose.
‎(8) For purposes that do not infer characteristics about you. ‎

E. California Privacy Rights & Choices.

“Shine the Light” and “Eraser” Laws: California Civil Code Section 1798.83 permits California residents to request information regarding our disclosure, if any, of their Personal Information to third parties for their direct marketing purposes. To make a request, please email or write to us using our information provided in the “Contact Us” section below.
Non-affiliated third parties are independent from Citadel. If you wish to receive information about your disclosure choices or stop communications from such third parties, you will need to contact those non-affiliated third parties directly.

CCPA/CPRA: The CCPA, as amended by the CPRA, provides eligible California residents with specific rights regarding our collection, retention, and use of Personal Information.

a) Right to Notice. You have the right to be notified which categories of Personal Information are being collected and the purposes for which the Personal Information is being used, as outlined in our California Notice at Collection and our Privacy Notice.

b) Right to Know and Access. You have the right to request that we provide certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Specifically, you have the right to request disclosure of the categories of Personal Information and specific pieces of Personal Information we collected about you over the last 12 months. Upon submission of a verifiable consumer request, we will disclose to you:

  • the categories and types of Personal Information we collected about you;
  • the categories of sources from which Personal Information was collected;
  • the business or commercial purpose for collecting Personal Information;
  • the business or commercial purpose for disclosing or selling Personal Information; and
  • the categories of third parties with whom we sold or shared Personal Information for a business purpose.

c) Right to Delete. You have the right to request that we delete Personal Information that we have collected and maintain about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will conduct a reasonable search of our records to locate any Personal Information we collected about you that is eligible for deletion and delete such Personal Information. To the extent we shared any Personal Information collected about you that is eligible for deletion with service providers, we will direct those service providers to delete that Personal Information.

d) Right to Opt-Out of Sale or Sharing of Personal Information. We do not sell your Personal Information for monetary consideration or as that term is traditionally defined. However, you have the right to opt-out of certain advertising and marketing activities including online tracking and email marketing that involves the sharing of your Personal Information. You can exercise your right to opt-out in the following ways:

  • Opt-Out of Online Tracking: You can exercise your right to opt-out of certain online tracking activities that could be considered a sharing of your Personal Information by selecting “Reject Non-Essential Cookies” on the pop-up banner when you visit our websites or through an opt-out preference signal. If you choose to exercise this right through an opt-out preference signal and we detect such a signal, it will be honored. If you submit a request to opt-out, including through an opt-out preference signal, after you have agreed to our sharing of Personal Information, we will opt you out of any further sharing of your Personal Information.
  • Opt-Out of Other Sales/Sharing: You can exercise your right to opt-out of certain email marketing activities that could be considered a sharing of your Personal Information by contacting us at [email protected].

Please note, we do not knowingly collect or sell the Personal Information of any individuals under the age of 16.

e) Right to Limit Use of Sensitive Personal Information. You have the right to request that we limit our use of any Sensitive Personal Information to those uses that are necessary to provide our services and/or products or for other purposes as defined in the CCPA.

f) Right to Correct. You have the right to request that we correct any inaccurate Personal Information we maintain about you, considering the nature of the Personal Information and the purposes for which we are processing such Personal Information. We will use commercially reasonable efforts to correct such inaccurate Personal Information about you.

g) Right to No Discrimination. We will not discriminate against you for exercising your privacy rights. Unless permitted by applicable law, we will not:

  • Deny you services.
  • Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of services.
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.

Exercising Your California Privacy Rights. To exercise any of your privacy rights described above, please submit a verifiable consumer request to us by either:

Verifying Your Request. Only you, or a person that you authorize to act on your behalf, may make a request related to your Personal Information. In the case of access and deletion, your request must be verifiable before we can fulfill such request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected Personal Information, or a person authorized to act on your behalf. We will only use the Personal Information you have provided in a verifiable request in order to verify your request. Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive or manifestly unfounded.

Authorized Agents. If another individual is submitting a privacy rights request on behalf your behalf, we may require more information from you, or from your “authorized agent” to verify that you are the person directing the agent. We may ask you to provide a signed authorization for your agent to make the request or to verify your identity or confirm your request directly with us.

Response Timing and Format. We endeavor to respond to a verifiable consumer request within forty-five (45) calendar days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Within ten (10) business days of receiving the request, we will confirm receipt and provide information about our verification and processing of the request. Citadel will maintain consumer requests made pursuant to the CCPA and our response to said requests for at least twenty-four (24) months.

F. Contact Us.

We hope this Privacy Notice answers your questions about our collection, use, and disclosure of your Personal Information. If you have additional questions about this Privacy Notice or the practices described here, you may contact us at [email protected] or write to us at the following address:

Privacy Officer
Citadel Enterprise Americas LLC
830 Brickell Plaza
Miami, FL 33131
You may also call us at +1-305-929-6851.