Important Links
EU/EEA Consumer Bank Online Privacy Notice and Cookies Policy - Citi UK

EU/EEA Consumer Bank Online Privacy Notice and Cookies Policy

EU/EEA Consumer Bank Online Privacy Notice and Cookies Policy

Welcome to Citi consumer bank in the EU/EEA. This site provides information about how Citibank UK Limited and Citibank N.A. (Jersey Branch) and Canada Square Operations Ltd (for divested and closed lines of business) look after and process your personal data as Data Controllers when you visit our personal (retail) banking sites.

This Online Privacy Notice and Privacy Policy applies only to information gathered from this Internet site. We have separate Online Privacy Notices on Citi global sites that are not directed to EU/EEA customers, for Citi online and mobile banking, and for products or services that you hold with Citi UK, Citi International Personal Bank in Europe or Citigold Private Client Europe. You can access these Privacy Statements here.

Your privacy is our priority. Our goal is to maintain your trust and confidence when processing your personal information. Citi will not disclose or provide any information about you, your accounts, your relationship with Citi, or your usage of the CitiUK IPB and Citigold Private Client EU/EEA sites to any third parties for any purpose without your consent except as set forth in this EU/EEA Consumer Bank Online Privacy Notice and Cookies Policy statement.

You have choices

As a visitor to this site, you have the opportunity to make choices about how cookies and other personal and technical information which Citi collect and process, including any data that you may provide through this site when you sign up to a newsletter, request to be contacted with information, or apply for a product or service.

From the 25th May 2018, date in which the General Data Protection Regulation (GDPR) new privacy ‘gold standard’ becomes effective in the EU we will provide you with a range of cookie options. We encourage you to make choices that will enable Citi to provide a personalised experience and tailor quality products and services that help you meet your financial needs and objectives.

Security of personal information

The security of personal information about you is our priority. We protect this information by maintaining physical, electronic, and procedural safeguards that meet applicable law. We train our employees in the proper handling of personal information. When we use other companies to provide services for us, we require them to protect the confidentiality of personal information they receive as set out below.

Unfortunately, however, while we strive to protect your personal data, not everything is under our control and no data transmission over the internet can be guaranteed to be 100% secure. You must keep your password and other website registration information you hold secret. You should also control access to your SMS/email communications at all times. Find out more about online and email security.

Purpose of this Online Privacy Notice and Cookies Policy

Our Online Privacy Notice and Cookies policy statement describes how we may collect, use and share information you provide when you visit this site, receive our emails or interact with advertisements we have on third-party websites.

This statement does not cover:

  • Information collected and used on social media sites with Citi pages,
  • Information you provide to the websites we advertise on and may link to, or any links we may provide to third party websites, plug-ins and applications.

We will notify you before you are redirected from our site to other sites, as third parties may collect or share data about you, where we have no control over those sites. We encourage you to read the privacy policies on these sites.

What information we collect?

Information Citi collects technical and usage data automatically from your device

When you visit our site, we collect the IP address of the device you use to connect to the Internet. In addition, we gather information such as what browser and which version of it you're using, the device and type of operating system you have, your internet service provider and which site you came from. If you access this website via your mobile device, we may also collect information about your mobile provider and your mobile device and may ask for your geographical location to provide you with information about our services (for example, branch locations). This information allows us to recognise when your device accesses our website and profile your interactions with us and helps us provide an online experience that matches your equipment.

Some information is collected by cookies (see “Use of Cookies” below for more information). Where such cookies are not essential to the operation of the website or provision of a service, we provide you with the option to turn them off.

We may collect certain data related to your accessibility requirements, to facilitate usage of enabling technologies. You have control over our access to these facilities through your browser settings.

We may combine this information with other data we obtained from third party sites that redirect into our sites and from third parties such as

  • (a) Analytics providers (Google and Adobe analytics)
  • (b) Advertising and Social Networks where we place Ads (Google, Facebook or LinkedIn)
  • (c) Search information providers (such as Dun & Bradstreet)

Information you provide to Citi (Contact Data, Profile Data and Marketing and Communications Data)

We collect personal data when you send a request for us to contact you, or apply online for one of our banking products or services or provide your details in order to download a publication. This information may include name, username, phone number, email address, place of residence and other contact information, your card number, security code, postcode, e-pin, secret question, phone number and email.

If you are applying for Citi services through this site, we collect information that enables us to provide you those services. You can refer to the terms and conditions (and the applicable privacy policy) of your application, as well as the terms and conditions for this website, to learn more about how your information will be collected and used.

Personal information you provide online is held by one or more of the data controllers named above.


When you browse our site or receive one of our emails, Citi and suppliers we work with, use cookies to collect information and store your online preferences.

Cookies are electronic browser files containing small amounts of information which are set on your device when you visit a website. Cookies data is sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies, including how to see what cookies have been set and how to manage and delete them, at:

We use several types of cookies:

Essential cookies allow our services operate in a secure and reliable manner, and provide basic service functionalities within our sites. These cookies are essential for a banks site and your internet browser will accept them by default. You can set your browser to delete them after each online session or at any time thereafter.

Functional cookies provide enhanced and personalized website functionality and facilitate navigation. These cookies may be set by us or a third party.

Marketing cookies build a profile of your interests and show you appropriate adverts on other websites.

In addition to the cookies on this website we may also use the following cookies:

We may use advertisements on Internet browsers and third party sites, such as AdSense, AdWords and DoubleClick. Online advertisements contain non-personalised cookies for the collection of technical information from devices used by individuals who interact with them: these details are typically web requests, IP addresses, browser types, browser languages and/or the date and time of the information requests. Citi is the ultimate controller of such Ads.

Management of these Ad cookies is not available in our sites but set at your browser level. You can also change your Ad Click and browser settings to manage the ads you see and opt out of personalization at browser level or using the facilities within the ad.

We may use in-use hosted or sponsored content in third party web browsers and in social media sites and mobile apps that contain certain features, such as LinkedIn and Facebook sharing, downloading, liking, commenting and messaging. These features may collect your IP address and which page you are visiting and may set cookies to enable hosted features to function properly which relay information to Citi.

No cookie set by Citi on your web browser will contain information that could jeopardize bank secrecy or enable unrelated third parties to gather information about you. All traffic and data analytics are managed, licensed to, or controlled from Citi’s IT networks.

In our sites, you will be presented with a cookie choices banner and reminded to refresh your options from time to time. We also provide options for detailed cookie management on third party cookies. For browser level privacy choices, you may visit the help pages provided within your browser or and others.

More information on the cookies that may be set on your device can be found on the manage your cookies page.

How do we use the information we collect?

Citi uses the information we collect about and from you to manage our business and to offer an enhanced, personalised online experience on our site and third party websites.

The information we collect allows us to:

  • Verify your identity when you access the services on this website
  • Communicate with you (including via email or SMS where such contact details have been provided)
  • Investigate any complaints about the use of the website
  • Tell you about other Citi services or products (where you have elected to receive such information)
  • Provide services in relation to this website, including processing any transactions you request

We may also use the information we collect to:

  • Administer and manage our business including but not limited to meeting legal, regulatory and compliance requirements and operating rules (such as anti-money laundering, regulatory reporting requirements and record maintenance);
  • Monitor and analyse the use of any account to prevent, investigate and/or report fraud, terrorism, misrepresentation or crime;
  • Gather management information to form statistical and trend analysis
  • We may disclose your personal data to other companies within the Citigroup Inc. group of companies and to its or their service providers and agents for the above purposes. This will be done confidentially and only to the extent permitted under any applicable data protection and secrecy laws.

We use your personal data on the legal basis of performing and fulfilling instructions we receive through your interactions with our site and perform any contract we are about to enter into with you; and/or where it is necessary for our legitimate interests to the extent your own interests and fundamental rights do not override those interests: Your right to object or not to be contacted for marketing will usually prevail in such circumstances, while activities we undertake to protect the integrity and security of our banking operation will be preserved; and/or where we need to comply with a legal or regulatory obligation.

We may process your personal data through internal third parties, such as Citigroup Technology Inc., (CTI) our Citi affiliate managing IT networks and applications. We may also process your information through specific third parties listed on our Cookie management page. Certain services provided by CTI and those third parties are provided in the United States. Whenever we transfer your personal data out of the EU/EEA to the United States or other countries we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • We may use specific data transfer agreements using standard contractual clauses approved by the European Commission which give personal data the same protections afforded in the EU.
  • Where we use suppliers based in the United States, we may transfer data to them under the Privacy Shield scheme which requires them to provide an equivalent level of data protection to that in the EU.

How do we use information from our advertisements on other sites?

We place advertisements by developing and using our own marketing segments that may combine online and offline information about our current and prospective clients. In addition, we may use marketing segments provided by online publishers and network advertising companies.

Marketing segments are groups of unique individuals or users categorised using information such as behaviours, demographics, attitudes and/or geographic differences. Companies can create marketing segments by using technologies like IP addresses to compile, over time, aggregated, non-personal information about how consumers are using the internet. They consider where users saw and/or clicked on content and advertisements, and use this information to make inferences and predictions about the users' characteristics, interests and preferences. This information does not identify you personally nor does it report on particular online activities or behaviours.

Network advertising companies that provide these services have their own privacy policies and are not subject to our Online Privacy and Cookies policy.

Companies we work with are service providers and/or agents that conduct business on behalf of Citi. The services they provide include, but are not limited to, communications (e.g., email), marketing, data processing, client acquisition and servicing and advertisement management. When we use other service providers and/or agents to provide services for us, we require them to protect the confidentiality of information they receive and to comply with any relevant laws (including data protection laws) as indicated above.

How you control information collected and used online?

The information we use about you helps us provide you with products, services and an improved customer experience. You have the ability to control how your non-personal information is collected and used online.

We are complying with the new EU General Data Protection Regulation (EU) 2016/679 providing you with cookies management tools and choices in ways of communicating with you. You can change your preferences anytime.

You may change your cookies settings as set out above. If you prefer you may also change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; Set your browser to automatically not accept any cookies or Delete cookies on the manage your cookies page. Please be mindful that online banking and mobile platforms will not operate if you reject all cookies (as there are cookies that guarantee the security and stability of online transactions).

Opting Out

You can ask us or third parties to stop sending you marketing messages at any time by logging into the site and checking or unchecking the relevant boxes on Cookie Management or by following the opt-out links on any marketing message sent to you.

Data Subject Access Requests and Questions

If you are a Citi customer: see your EU/EEA Customer Privacy Statement on retention of personal data and ways to contact us or our Data Protection Officer (details below).

If you are a non-customer: We will retain information we hold from site visitors for a set period (generally one year) counted from the last refresh of marketing or cookies preferences.

As a data subject, in addition to the rights and controls we provide in our sites, you have the right to request access to your personal data, request the correction of any errors or the erasure of data (promptly for marketing data but not in relation to transactions, which must observe their legal retention periods), to transfer your data, and to restrict certain types of processing or marketing profiling. Please note however that upon receiving an instruction to restrict processing we may not be able to continue providing services to you.

Should you have any requests or concerns about your privacy, please contact:

Data Protection Officer (Chief Data Privacy Officer - EMEA)
33 Canada Square
E14 5LB
United Kingdom

Notice of changes

From time to time, we may update this EU/EEA Online Privacy Notice and Cookies Policy. The effective date of this document stated below, indicates the last time this Online Privacy Notice and Cookies Policy was revised or materially changed. Checking the effective date below allows you to determine whether there have been changes since the last time you reviewed the policy.

Effective Date

This policy was last modified 16 September 2019.