Important Links
Citi UK Consumer Bank Online Privacy Notice and Cookies Policy - Citi UK

Citi UK Consumer Bank Online Privacy Notice and Cookies Policy

Citi UK Consumer Bank Online Privacy Notice and Cookies Policy

Welcome to Citi consumer banking in the United Kingdom and Jersey. This site provides information about how Citibank UK Limited and Citibank N.A. Jersey Branch (and Canada Square Operations Ltd for divested and closed lines of business) look after and process your personal data as Data Controllers when you visit our consumer (retail) banking sites.

This Citi UK Online Privacy Notice and Privacy Policy applies only to information gathered from this public-facing Internet site and our Online Banking site for customers of Citi UK. We have separate Privacy Notices (i) for global retail and corporate sites that are not directed to Citi UK customers,(ii) for Citi UK Mobile Banking, and (iii) for accounts, products or services of Citi UK. You can access our Citi UK Account, Product and Service Privacy Statements linked here for Citigold and for the Citi International Personal Bank.

Your privacy is our priority. Our goal is to maintain your trust and confidence when processing your personal information. Citi will not disclose or provide any information about you, your accounts, your relationship with Citi, or your usage of the Citi UK and International Personal Bank sites or the Citi UK Online Banking site to third parties for any purpose without your consent except as set forth in this Citi UK Consumer Bank Online Privacy Notice and Cookies Policy statement.

You have choices

As a visitor to this site, you have the opportunity to make choices about cookies and other personal and technical information which Citi collect and process, including any data that you may provide through this site when you sign up to a newsletter, fill a request form to be contacted with information, or apply for a product or service.

The General Data Protection Regulation (EU) 2016/679 (‘GDPR’) and the Privacy and Electronic Communications Directive 2002/58/EC (‘ePrivacy Directive’) continue to be applicable in relation to customers of Citibank UK Limited, as they were incorporated into UK statutes pursuant to the European Union (Withdrawal) Act 2021. The UK GDPR is complemented by the Data Protection Act 2018. Under the aforementioned applicable data law, and any legislation that complements or replaces it in the future, we will provide you with a range of data rights and cookie options. As a result customers in the European Union may see changes: they will no longer receive targeted marketing communications and will note restrictions in new products and online applications and feedback forms.

Customers of the International Personal Bank in Jersey have their personal data protected under the Data Protection (Jersey) Law 2018, which largely mirrors the GDPR.

While we adhere to the data protection law principle of data minimisation under applicable data law, we encourage you to make cookie choices that will enable Citi to provide the best, responsible and personalised experience, and tailor quality products and services that help meet your financial needs and objectives.

Security of personal information

The security of personal information about you is our priority. We protect this information by maintaining physical, electronic, and procedural safeguards that meet applicable data law. We train our employees in the proper handling of personal information. When we use other companies to provide services for us, we require them to protect the confidentiality of personal information they receive as set out below.

Unfortunately, while we strive to protect your personal data, not everything is under our control and no data transmission over the internet can be guaranteed to be 100% secure. You must keep your password and other website registration information you hold secret. You should also control access to your SMS/email communications at all times.

Purpose of this Citi UK Online Privacy Notice and Cookies Policy

Our Citi UK Online Privacy Notice and Cookies policy describes how we may collect, use and share information you provide when you visit this site or the Citi Online Banking site, receive our emails or interact with advertisements and contact forms we place on third-party websites, including social media.

This policy does not cover:

  • Information and comments collected and used on social media sites,
  • Information you provide to the search engines and websites we advertise on and may link to, or any links we may provide to third party websites, plug-ins and applications.

We will notify you before you are redirected from our website to other websites, as third parties may collect or share data about you, if we have no control over those sites. We encourage you to read the privacy policies of these websites.

What information do we collect?

Information Citi collects technical and usage data automatically from your device

When you visit our website, we collect the IP and MAC address of the device you use to connect to the Internet. In addition, we gather information such as the browser and version of it you are using, the device and type of operating system you have, your internet service provider and which sites you were redirected from. If you access this website via your mobile device, we may also collect information about your mobile service provider and your mobile device and may ask for your geographical location to enhance security and provide you with functional information about our services (for example, branch locations). This information allows us to recognise when your device accesses our website and profile your interactions with us and helps us provide an online experience that matches your equipment’s technical specifications.

Some information is collected by cookies or online trackers (see “Use of Cookies” below for more information). Where such cookies are not essential to the operation of the website or provision of a service, we provide you with the option to enable them or to turn them off.

We may collect certain data related to your accessibility requirements, to facilitate the usage of enabling technologies. You have control over our access to these facilities through your browser settings.

We may combine this information with other data we obtained from third party sites that redirect into our sites and from third parties such as

  • (a) Analytics providers (Google and Adobe analytics)
  • (b) Advertising and Social Networks where we place Ads and contact forms (Google, Facebook or LinkedIn)
  • (c) Search information providers (such as Dun & Bradstreet)

Information you provide to Citi (Contact Data, Profile Data and Marketing and Communications Data)

We collect personal data when you send a request for us to contact you, or apply online for one of our banking products or services or provide your details in order to download a publication from Citi. This information may include name, username, phone number, email address, place of residence and other contact information, your card number, CVV security code, postcode, e-pin, secret question, phone number and email.

If you are applying for an account or product, or ordering transactions through this website or the Online Banking site, we collect information that enables us to provide you those services. You should refer to the terms and conditions (and the Citi UK Privacy Statement) referred to in your application, as well as the terms and conditions for this website, to learn more about how your information will be collected and used.

Personal information you provide online is held by one or more of the data controllers named in the initial paragraph of this policy.

Cookies

When you browse our site or receive one of our emails, Citi and the IT network suppliers we engage serve cookies (including online trackers) to collect information and store your online preferences.

Cookies are electronic browser files containing small amounts of information which are set on your device when you visit a website. Cookies data is sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.

We use several types of cookies:

Cookie Category First or Third Party Cookies Category Description
Essential First Party These cookies allow you to access different parts of the Citi UK website. They are necessary for the website to function securely and cannot be turned off. They also record your privacy preferences, logging in time and addresses.
Functional First Party These cookies are designed to provide enhanced functionality and personalisation, and used to provide value added services (for example localization cookies on your device to help you find your nearest ATM / Cash Machine).
Analytics First Party These cookies are used to help improve our services, counting visits and traffic. All information collected with these cookies is aggregated and de-personalised such that it is not possible to create a profile of any individual.
Analytics Third Party These cookies are contracted to third party providers and used to help improve our and their services, counting visits and traffic, and are shared with those third parties
Marketing First Party These cookies are placed by Citi to build a profile of your interests in Citi sites. Our first party marketing cookies identify your browser and device, and the time of access.
Marketing Third party These cookies are placed to build a profile of your interests and place Citi adverts on third party sites you visit (such as Google , LinkedIn, Twitter and Facebook).

In addition to the cookies on this website and Citi UK Online Banking:

A list of third party cookies for marketing purposes is available on https://www.citibank.co.uk/personal/cookies.do. We use advertising features in those cookies: AdSense, AdWords, DoubleClick and Customer Match . These help us deliver you adverts and content which may be relevant to you or to track your visits to certain websites and help us understand your browsing activities so that we can measure the success of online advertising campaigns. Information captured and processed typically includes web requests, session ID, browser types, browser languages and/or the date and time of the information requests. Citi is the ultimate controller of such ads. To manage the ads you see, please refer to Google’s Analytics’ opt-out tool or opt out using the features within an ad (the link ‘why am I seeing this ad?’).

We have contractual and technical measures in place to prevent unauthorised access or use of personal information through the use of third party cookies which are processed and stored in the United States.

Please note Adobe Omniture is a brand of Adobe Inc, Microsoft Advertising isa brand of Microsoft, and Google Analytics and the Google Marketing Platform are brands of Google, Inc. Adobe, Microsoft and Google are US electronic communications services providers that are subject to the CLOUD Act (USC 2523) and Foreign Intelligence Surveillance Act (50 USC 36 S. 1801). These two statutes contain provisions that allow federal law enforcement and intelligence agencies to request your browsing and technical data in the US, under certain conditions.

We may use, hosted or sponsored content in third party sites, web browsers, or in social media platforms such as LinkedIn, Twitter and Facebook, for sharing, downloading, liking, commenting and messaging. These features may collect your IP address, location and the webpages you are visiting and may set cookies to enable hosted features to function properly and relay information to Citi. Any such features are managed (opted in and out) in each of those sites, browsers or social media platforms.

No cookie set by Citi on your web browser will contain information that could jeopardize bank secrecy or enable unrelated third parties to gather information about you. All traffic and data analytics are managed, licensed to, or controlled from Citi’s IT networks.

In our sites you can change at any time your cookie settings for marketing, personalisation and analytics cookies used by Citi. You can also prevent third party cookies from tracking you across websites by changing the Privacy settings in your browser.

How do we use the information we collect?

Citi uses the information we collect about and from you to manage our services and customers and to offer an enhanced, personalised online experience on our site and ads, forms and publications in third party websites.

The information we collect allows us to:

  • Verify your identity when you access our information and online banking services
  • Communicate with you (including via email or SMS where such contact details have been provided)
  • Investigate any complaints about the use of the website or our online banking services
  • Tell you about other Citi services or products (where you have elected to receive such information)
  • Provide services in relation to this website, including processing any transactions you request

We may also use the information we collect to:

  • Administer and manage our business including but not limited to meeting legal, regulatory and compliance requirements and operating rules (such as anti-money laundering, regulatory reporting requirements and record maintenance);
  • Monitor and analyse the use of any account to prevent, investigate and/or report fraud, terrorism, misrepresentation or crime;
  • Gather management information to form statistical and trend analysis
  • We may disclose your personal data to other companies within the Citigroup Inc. group of companies and to its or their service providers and agents for the above security purposes. This will be done confidentially and only to the extent permitted under any applicable data protection and bank secrecy laws.

We use your personal data on the legal basis of (i) performing and fulfilling instructions we receive through your interactions with our site and perform any contract we are about to enter into with you; and/or (ii) where it is necessary for our legitimate interests to the extent your own interests and fundamental rights do not override those interests. Your right to object to or not to be contacted for marketing communications will prevail in such circumstances, while activities we undertake to protect the integrity and security of our online banking operation will take precedence in a balance of interests; and(iii) We will also process your personal data where we need to comply with a legal or regulatory obligation under applicable law.

We may process your personal data internally to Citi affiliates, such as Citigroup Technology Inc., (CTI) and Citibank Europe plc for the management of our IT networks in the European Union and the UK. We may also process your information through third parties listed on our Cookie management page. Certain services provided by CTI and Citibank Europe plc or those third parties are provided in the European Union and the United States. Whenever we transfer your personal data in or out of the EU/EEA, we will rely on the adequacy decisions pursuant to which the UK and the EU offer equivalent guarantees to data subjects in respect of their personal data. For transfers to the United States or other third countries we provide a similar degree of protection is afforded by ensuring that one of the following safeguards is implemented:

  • We transfer your data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • We use data transfer agreements using standard contractual clauses in the form issued by the European Commission in June 2021 (with the UK Addendum issued by the Information Commissioners Office on 2 February 2022 (which give personal data the same protections afforded under the GDPR, complemented by supplementary technical measures recommended by the European Data Protection Board.

How do we use information from our advertisements on other sites?

We place advertisements by developing and using our own marketing segments that may combine online and offline information about our current and prospective clients. In addition, we may use marketing segments provided by online publishers and network advertising companies.

Marketing segments are groups of unique individuals or users categorised using information such as behaviours, demographics, attitudes and/or geographic differences. Citi and its IT suppliers can create marketing segments by using technologies like IP addresses to compile, over time, aggregated, non-personal information about how consumers are using the internet. They consider where users saw and/or clicked on content and advertisements, and use this information to make inferences and predictions about the users' characteristics, interests and preferences. This information does not identify you personally nor does it report on particular online activities or behaviours.

Network advertising companies that provide these services have their own privacy policies and are not subject to our Citi UK Online Privacy and Cookies policy.

Suppliers mean service providers and/or agents that conduct business on behalf of Citi. The services they provide include, but are not limited to, communications (e.g., email), marketing, data processing, client acquisition and servicing and advertisement management. When we use Suppliers, we require them to protect the confidentiality of information they receive and to comply with any relevant laws (including data protection laws).

How you control information collected and used online?

The information we use about you helps us provide you with products, services and an improved customer experience. You have the ability to control how your non-personal information is collected and used online.

We will be enhancing our compliance with the applicable data protection law providing you additional choices in regard to cookies management, as technology evolves. If you prefer you may also change your browser settings to notify or block when you receive a cookie (including online trackers), which lets you choose whether or not to accept it; and set your browser to automatically not accept any cookies or Delete cookies on the manage your cookies page. Please be mindful that online banking and mobile platforms will not operate if you chose to reject all cookies by default (as our online banking site uses essential cookies that guarantee the security and stability of online transactions). We recommend that you allow all essential cookies from our Online Banking site, which we have designed to be solely essential.

Opting In and Out and EU/EEA and California Residents

You can modify your marketing preferences and ask us or third parties to stop sending you marketing messages at any time by logging into the site and checking or unchecking the relevant boxes on Cookie Management or by following the opt-out links on any marketing message sent to you. If you are, or become an EU/EEA or a US resident, you must update your contact details. In such case, targeted marketing communications and any other offer of retail banking products will be stopped and disabled.

If you are, or will be, a resident of the U.S. State of California, you have certain rights with respect to your Personal Information under the California Privacy Rights Act ("CPRA") as of January 1, 2023. For more information about what this means to you, please click here https://www.citigroup.com/citi/privacy.html.

To access your rights under CPRA, please call U.S. +1-833-981-0270 or click here CPRA non-US Request to print a form and mail to us.

Data Retention

Transient (Session) Information: We retain session information only for each session in which the online page and online banking facility are active, as transient data. The maximum retention period of transient data is one year, counted from the last day of the then current year.

Security Certificates and Cookies: Cookies and certificates will usually expire after one year.

Banking Records: Records of your banking and product transactions are retained in accordance with our Citi UK Privacy Statement.

Data Subject Access Requests and Questions

If you are a Citi customer: see your Citi UK Customer Privacy Statement on retention of personal data and ways to contact us or our Data Protection Officer (details below).

If you are a non-customer: We will retain information we hold from site visitors for a set period (generally one year) counted from the last refresh of marketing or cookies preferences.

As a data subject, in addition to the protections and management options we provide in our websites, you have the right to request access to your personal data, request the correction of any errors or the erasure of data (promptly for marketing data, noting that transactions must observe their legal retention periods), to transfer your data, and to restrict certain types of processing or profiling in relation to marketing. Please note however that upon receiving an instruction to restrict processing we may not be able to continue providing services to you.

Should you have any requests or concerns about your privacy, please contact:

Citi Data Protection Officer (Chief Data Privacy Officer - EMEA)
Citigroup Centre 2 – 9th Floor.
33 Canada Square
London
E14 5LB
United Kingdom

Email: Dataprotectionofficer@citi.com

Notice of changes

From time to time, we may update this Citi UK Online Privacy Notice and Cookies Policy. The effective date of this document stated below, indicates the last time this Citi UK Online Privacy Notice and Cookies Policy was revised or materially changed. Checking the effective date below allows you to determine whether there have been changes since the last time you reviewed the policy.

Effective Date

This policy was last modified on 31 July 2023

Citi FSCS

By using this website, registered in the United Kingdom, you agree to our Terms and Conditions and our Online Privacy Notice and Cookies Policy.

Click here to change your cookies settings

Citibank UK Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our firm's Financial Services Register number 805574. Citibank UK Limited is a company limited by shares registered in England and Wales with registered address at Citigroup Centre, Canada Square, Canary Wharf, London E14 5LB, Companies House Registration No. 11283101. Citibank N.A., Jersey Branch is regulated by the Jersey Financial Services Commission. Citi International Personal Bank is registered in Jersey as a business name of Citibank N.A. The address of Citibank N.A., Jersey Branch is P.O. Box 104, 38 Esplanade, St Helier, Jersey JE4 8QB. Citibank N.A. is incorporated with limited liability in the USA. Head office: 399 Park Avenue, New York, NY 10043, USA.© All rights reserved Citibank UK Limited and Citibank N.A. (2024). CITI®, CITI and Arc Design® are registered service marks of Citigroup Inc. Calls may be monitored or recorded for training and service quality purposes.

Investments are not bank deposits, and are neither obligations of, nor guaranteed by, Citigroup, or any of its affiliates, unless otherwise stated. They are subject to investment risks, including possible loss of the principal amount invested. Past performance is not indicative of future results; investments can go down as well as up.

All products and services offered by Citi International Personal Bank are subject to terms and conditions and you must agree to be bound by them before we can offer any product or service to you. Some products and services may not be available in certain jurisdictions. This website is not intended for distribution to, or use by, any person in any country where such distribution or use would be contrary to local law or regulation and none of the services or investments referred to in this website are available to persons resident in any country where the provision of such services or investments would be contrary to local law or regulation. You should consult your professional advisers as to whether you require any governmental or other consents or need to observe any formalities to enable you to utilise or purchase the products and services described on this website.