Welcome to Citi consumer bank in the EU/EEA. This site provides information about how Citibank UK Limited and Citibank N.A. (Jersey Branch) and Canada Square Operations Ltd (for divested and closed lines of business) look after and process your personal data as Data Controllers when you visit our personal (retail) banking sites.
Your privacy is our priority. Our goal is to maintain your trust and confidence when processing your personal information. Citi will not disclose or provide any information about you, your accounts, your relationship with Citi, or your usage of the CitiUK IPB and Citigold Private Client EU/EEA sites to any third parties for any purpose without your consent except as set forth in this EU/EEA Consumer Bank Online Privacy Notice and Cookies Policy statement.
You have choices
As a visitor to this site, you have the opportunity to make choices about how cookies and other personal and technical information which Citi collect and process, including any data that you may provide through this site when you sign up to a newsletter, request to be contacted with information, or apply for a product or service.
From the 25th May 2018, date in which the General Data Protection Regulation (GDPR) new privacy ‘gold standard’ becomes effective in the EU we will provide you with a range of cookie options. We encourage you to make choices that will enable Citi to provide a personalised experience and tailor quality products and services that help you meet your financial needs and objectives.
Security of personal information
The security of personal information about you is our priority. We protect this information by maintaining physical, electronic, and procedural safeguards that meet applicable law. We train our employees in the proper handling of personal information. When we use other companies to provide services for us, we require them to protect the confidentiality of personal information they receive as set out below.
Unfortunately, however, while we strive to protect your personal data, not everything is under our control and no data transmission over the internet can be guaranteed to be 100% secure. You must keep your password and other website registration information you hold secret. You should also control access to your SMS/email communications at all times. Find out more about online and email security.
Purpose of this Online Privacy Notice and Cookies Policy
Our Online Privacy Notice and Cookies policy statement describes how we may collect, use and share information you provide when you visit this site, receive our emails or interact with advertisements we have on third-party websites.
This statement does not cover:
We will notify you before you are redirected from our site to other sites, as third parties may collect or share data about you, where we have no control over those sites. We encourage you to read the privacy policies on these sites.
What information we collect?
Information Citi collects technical and usage data automatically from your device
When you visit our site, we collect the IP address of the device you use to connect to the Internet. In addition, we gather information such as what browser and which version of it you're using, the device and type of operating system you have, your internet service provider and which site you came from. If you access this website via your mobile device, we may also collect information about your mobile provider and your mobile device and may ask for your geographical location to provide you with information about our services (for example, branch locations). This information allows us to recognise when your device accesses our website and profile your interactions with us and helps us provide an online experience that matches your equipment.
We may collect certain data related to your accessibility requirements, to facilitate usage of enabling technologies. You have control over our access to these facilities through your browser settings.
We may combine this information with other data we obtained from third party sites that redirect into our sites and from third parties such as
Information you provide to Citi (Contact Data, Profile Data and Marketing and Communications Data)
We collect personal data when you send a request for us to contact you, or apply online for one of our banking products or services or provide your details in order to download a publication. This information may include name, username, phone number, email address, place of residence and other contact information, your card number, security code, postcode, e-pin, secret question, phone number and email.
Personal information you provide online is held by one or more of the data controllers named above.
Cookies are electronic browser files containing small amounts of information which are set on your device when you visit a website. Cookies data is sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies, including how to see what cookies have been set and how to manage and delete them, at: www.allaboutcookies.org
We use several types of cookies:
Essential cookies allow our services operate in a secure and reliable manner, and provide basic service functionalities within our sites. These cookies are essential for a banks site and your internet browser will accept them by default. You can set your browser to delete them after each online session or at any time thereafter.
Functional cookies provide enhanced and personalized website functionality and facilitate navigation. These cookies may be set by us or a third party.
Marketing cookies build a profile of your interests and show you appropriate adverts on other websites.
In addition to the cookies on this website we may also use the following cookies:
We may use advertisements on Internet browsers and third party sites, such as AdSense, AdWords and DoubleClick. Online advertisements contain non-personalised cookies for the collection of technical information from devices used by individuals who interact with them: these details are typically web requests, IP addresses, browser types, browser languages and/or the date and time of the information requests. Citi is the ultimate controller of such Ads.
Management of these Ad cookies is not available in our sites but set at your browser level. You can also change your Ad Click and browser settings to manage the ads you see and opt out of personalization at browser level or using the facilities within the ad.
We may use in-use hosted or sponsored content in third party web browsers and in social media sites and mobile apps that contain certain features, such as LinkedIn and Facebook sharing, downloading, liking, commenting and messaging. These features may collect your IP address and which page you are visiting and may set cookies to enable hosted features to function properly which relay information to Citi.
No cookie set by Citi on your web browser will contain information that could jeopardize bank secrecy or enable unrelated third parties to gather information about you. All traffic and data analytics are managed, licensed to, or controlled from Citi’s IT networks.
In our sites, you will be presented with a cookie choices banner and reminded to refresh your options from time to time. We also provide options for detailed cookie management on third party cookies. For browser level privacy choices, you may visit the help pages provided within your browser or www.youronlinechoices.com and others.
More information on the cookies that may be set on your device can be found on the manage your cookies page.
How do we use the information we collect?
Citi uses the information we collect about and from you to manage our business and to offer an enhanced, personalised online experience on our site and third party websites.
The information we collect allows us to:
We may also use the information we collect to:
We use your personal data on the legal basis of performing and fulfilling instructions we receive through your interactions with our site and perform any contract we are about to enter into with you; and/or where it is necessary for our legitimate interests to the extent your own interests and fundamental rights do not override those interests: Your right to object or not to be contacted for marketing will usually prevail in such circumstances, while activities we undertake to protect the integrity and security of our banking operation will be preserved; and/or where we need to comply with a legal or regulatory obligation.
We may process your personal data through internal third parties, such as Citigroup Technology Inc., (CTI) our Citi affiliate managing IT networks and applications. We may also process your information through specific third parties listed on our Cookie management page. Certain services provided by CTI and those third parties are provided in the United States. Whenever we transfer your personal data out of the EU/EEA to the United States or other countries we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
How do we use information from our advertisements on other sites?
We place advertisements by developing and using our own marketing segments that may combine online and offline information about our current and prospective clients. In addition, we may use marketing segments provided by online publishers and network advertising companies.
Marketing segments are groups of unique individuals or users categorised using information such as behaviours, demographics, attitudes and/or geographic differences. Companies can create marketing segments by using technologies like IP addresses to compile, over time, aggregated, non-personal information about how consumers are using the internet. They consider where users saw and/or clicked on content and advertisements, and use this information to make inferences and predictions about the users' characteristics, interests and preferences. This information does not identify you personally nor does it report on particular online activities or behaviours.
Network advertising companies that provide these services have their own privacy policies and are not subject to our Online Privacy and Cookies policy.
Companies we work with are service providers and/or agents that conduct business on behalf of Citi. The services they provide include, but are not limited to, communications (e.g., email), marketing, data processing, client acquisition and servicing and advertisement management. When we use other service providers and/or agents to provide services for us, we require them to protect the confidentiality of information they receive and to comply with any relevant laws (including data protection laws) as indicated above.
How you control information collected and used online?
The information we use about you helps us provide you with products, services and an improved customer experience. You have the ability to control how your non-personal information is collected and used online.
We are complying with the new EU General Data Protection Regulation (EU) 2016/679 providing you with cookies management tools and choices in ways of communicating with you. You can change your preferences anytime.
You may change your cookies settings as set out above. If you prefer you may also change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; Set your browser to automatically not accept any cookies or Delete cookies on the manage your cookies page. Please be mindful that online banking and mobile platforms will not operate if you reject all cookies (as there are cookies that guarantee the security and stability of online transactions).
You can ask us or third parties to stop sending you marketing messages at any time by logging into the site and checking or unchecking the relevant boxes on Cookie Management or by following the opt-out links on any marketing message sent to you.
Data Subject Access Requests and Questions
If you are a Citi customer: see your EU/EEA Customer Privacy Statement on retention of personal data and ways to contact us or our Data Protection Officer (details below).
If you are a non-customer: We will retain information we hold from site visitors for a set period (generally one year) counted from the last refresh of marketing or cookies preferences.
As a data subject, in addition to the rights and controls we provide in our sites, you have the right to request access to your personal data, request the correction of any errors or the erasure of data (promptly for marketing data but not in relation to transactions, which must observe their legal retention periods), to transfer your data, and to restrict certain types of processing or marketing profiling. Please note however that upon receiving an instruction to restrict processing we may not be able to continue providing services to you.
Should you have any requests or concerns about your privacy, please contact:
Data Protection Officer (Chief Data Privacy Officer - EMEA)
33 Canada Square
Notice of changes
From time to time, we may update this EU/EEA Online Privacy Notice and Cookies Policy. The effective date of this document stated below, indicates the last time this Online Privacy Notice and Cookies Policy was revised or materially changed. Checking the effective date below allows you to determine whether there have been changes since the last time you reviewed the policy.
This policy was last modified 16 September 2019.