INFORMATION

INFORMATION

PRIVACY NOTICE

This page was last updated on October 3, 2019.

This Privacy Notice (the “Notice”) governs how Citi collects, uses, and discloses personal information from and about users of Citi websites and apps that link to this Notice (collectively, the “Services”). We advise you to read the Notice in its entirety, including the jurisdiction-specific provisions in the appendix to this Notice, which will apply to users in certain jurisdictions.

Please note that if you are a Citi customer, additional privacy notices may apply to you as a customer of a particular Citi business, and this Notice does not replace or revise any other privacy notice that may be applicable to personal information collected or used by Citi through that customer relationship with Citi.

Personal Information Collected Through the Services

Citi collects and uses certain personal information in order to operate and provide you with access to the Services. This includes information that you provide to us and information that we collect automatically when you visit or interact with the Services.

Information That You Provide to Us

We collect personal information that you voluntarily provide to us when you use the Services. This information includes, without limitation: your email addresses, telephone numbers, and other contact details; the identity of your current employer and other biographical information; submissions to our Ethics Hotline; feedback on our websites or mobile apps; online preferences, such as Citi News alerts selections; and business information, such as your company name, your role, and industry.

Information That We Collect About Your Use of the Services

We collect information about your use of the Services and about the device you use to access the Services, including: the pages you request and visit; the posts you submit; information on your interaction with other users; information obtained in the course of maintaining or supporting the Services; information about your internet use, such as your IP address, the URLs of sites from which you arrive or leave the Services, your type of browser, your operating system, your internet service provider; and, if you access the Services via your mobile device, we may also collect information about your mobile provider and type of mobile device.

We (and our service providers) use different technologies to collect this information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness. For more information about cookies and how to disable them, please see “Your Choices” below.

Advertising and Analytics Services Provided by Others

We may allow others to provide analytics services and serve advertisements on our behalf across the web and in mobile applications. These entities may use cookies, web beacons, device identifiers and other technologies to collect information about your use of the Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices. Your device may also include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” or “Opt Out of Ads Personalization” on Android) that allows you to opt out of having certain information collected through apps used for behavioral advertising purposes.

How Personal Information Is Used

We use the information we collect to provide, maintain, and improve the Services. We also use the information we collect to:

  • Send you technical notices, updates, security alerts, and support and administrative messages (such as changes to our terms, conditions, and policies) and to respond to your comments, questions, and customer service requests;
  • Receive and respond to your submissions on the Services such as submissions on Citi News, Site Feedback, and the Ethics Hotline;
  • Permit you to participate in voluntary polls and surveys (we may use third parties to deliver incentives to you to participate in such polls and surveys, and you may be required to provide your contact details to the third party in order to fulfill the incentive offer);
  • Communicate with you about products, services, and events offered by Citi and others, and provide news and information we think will be of interest to you (see “Your Choices” below for information about how to opt out of these communications at any time);
  • Monitor and analyze trends, usage, and activities in connection with our Services;
  • Develop new products and services and enhance current products and services;
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities, and protect the rights and property of Citi and others; and
  • Carry out any other purpose described to you at the time the information was collected.

How Personal Information Is Shared

We may share your personal information as follows or as otherwise described in this Notice:

  • To support certain Citi entities’ use of information in accordance with this Notice (a list of Citi entities who may access your personal information can be found at http://www.sec.gov/Archives/edgar/data/831001/000083100115000043/citi-exhibit2101x12312014.htm);
  • With third parties that host, maintain, manage, or provide other services to us in relation to the Services;
  • To cooperate with public and government authorities and law enforcement, to respond to a request, or to provide information we believe is important;
  • For other legal reasons, such as to monitor compliance with and enforce our terms and conditions, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, to protect against fraud, crime, illegal activity, anti-money laundering, or anti-terrorism, and for risk management purposes; and
  • In connection with a sale or business transaction, such as to an acquiring entity or its advisors in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

We may also share aggregated or de-identified information that cannot reasonably be used to identify you.

Children

Our Services are not designed for children and do not knowingly collect personal data from children. If you have reason to believe that a child has provided personal data to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

The Services may contain links to other websites. Please note that Citi is not responsible for the privacy or information security practices of other websites. You should carefully review the applicable privacy and information security policies and notices for any other websites you click through to via the Services. This Notice applies solely to your personal information collected by the Services.

Security

We seek to use reasonable physical, electronic, and procedural measures to safeguard personal information within our organization against loss, theft, and unauthorized use, disclosure, or modification. Unfortunately, however, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your information, we cannot guarantee its security.

Your Choices

Marketing Emails and Citi News Alerts

If you no longer want to receive marketing-related emails from us or Citi News Alerts, you may opt out by following the instructions contained within each such email or through the communications center in your account profile. We will try to comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving marketing-related emails or Citi News Alerts, we may still send you administrative messages, from which you cannot opt out.

Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

Changes to This Notice

From time to time, we may revise this Notice. Changes may be made for any number of reasons, including to reflect industry initiatives, changes in the law, and changes to the scope of the Services, among other reasons. You can tell when we last updated the Notice by checking the date at the beginning of the Notice. Any changes will become effective when we post the revised Notice on the Services.

Contact Us

If you have any other questions concerning this Notice, you may submit them using our Contact Us form.

Appendix

Supplemental provisions regarding individuals in the EEA

If you are in the European Economic Area (“EEA”), you have certain rights and protections under the law regarding the processing of your personal data.

Legal Basis for Processing

If you are in the EEA, when we process your personal data we will only do so in the following situations:

  • We need to use your personal data to perform our responsibilities under our contract with you (e.g., to facilitate your participation in voluntary polls and surveys).
  • We have a legitimate interest in processing your personal data. For example, we may process your personal data to send you marketing communications, to communicate with you about changes to the Services, and to provide, secure, and improve our Services.
  • We find such processing is necessary to comply with our legal obligations.
  • We have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time.

Data Subject Requests

You may have certain rights with respect to the personal information which Citi holds about you, including the right to access or correct (and sometimes, object to or delete) the information. If you would like to request to review, correct, update, suppress, restrict or delete personal information that you have provided to us, object to the processing of personal Information, or if you would like to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law) you may contact our GDPR Data Protection Officer by mail at Citigroup Centre, Canada Square, Canary Wharf, London, E14 5LB. We will respond to your request consistent with applicable law.

For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.

Data Retention

We retain personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you keep using the Services);
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

Data Controller

Except as otherwise specified on any subsections within sites or apps that comprise the Services, such as the Careers, Alumni, or Citi Consumer Banking subsections, your personal information will be controlled by Citigroup Technology Inc. of 388 Greenwich Street, New York, NY 10013, USA and/or the Citi entity which operates the Services you are accessing (and/or if you are Citigroup personnel, the Citi entity which employs you or contracts with you). A list of certain Citi entities can be found at: http://www.sec.gov/Archives/edgar/data/831001/000083100115000043/citi-exhibit2101x12312014.htm. If you would like additional information regarding the applicable Citi entity or entities, please contact us.

Data Transfer

Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers.

Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here).

Complaints

You may lodge a complaint with a data protection authority for your country or region where an alleged infringement of applicable data protection law has occurred. A list of data protection authorities is available here.

Supplemental provision applicable to users registering from the UAE

Your use of the Services signifies that you agree to waive your material privacy rights under the laws of the UAE. You also agree not to hold Citi liable for any publicity, any publication of news, or comments pertaining to the secrets of your or any other person's private or family lives on the Services. Your use of the Services signifies your consent to allowing Citi to disclose any information that you may consider a secret to anybody at any time. You agree not to hold Citi liable for any disclosure of such information that you may think to be a secret to anyone. Please do not use the Services if you disagree with any part of this Notice.

Supplemental provision applicable to users registering from Korea

Your consent of the Notice and User Agreement upon joining the Citi Alumni Site is deemed that you agreed that your personal information will be controlled, not by Citibank Korea Inc. nor other subsidiaries and affiliates in Korea (“Citi Korea”), but by Citigroup Inc. NY, USA and/or Citi entity which operates the Services you are accessing. Citi Korea is solely responsible for the use of your personal information within Korea, when it is used by Citi Korea, under the applicable Korean laws including; Personal Information Protection Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and other relevant Korean laws. Your personal information and the Submitted material can be shared with Citi Korea but Citi Korea will not collect and use such personal information and material for any marketing purpose without your prior consent. When Citi Korea obtains personal information our personal information via the Services, the use will be controlled by and be bound to the necessary process and procedure following the applicable Korean laws.

Supplemental provision applicable to users registering from the Kingdom of Bahrain

Your Data Protection Rights – Bahrain

If you normally reside in the Kingdom of Bahrain or have a workplace there, you have the following rights in relation to your personal information under the Law No. 30 of 2018 promulgating the Personal Data Protection Law (“PDPL”):

  • The right to be notified of the processing
  • The right to access your personal information on request. You can ask us to provide a copy of the personal information we hold about you
  • The right to rectification, blocking or erasure. You have the right to ask us to have personal information we hold about you removed or any inaccurate personal information about you corrected
  • The right to object to processing for direct marketing purposes.
  • The right to object to processing that causes harm to you or others.
  • The right to object to processing based on automated processing.

If applicable, you also have a right to make a complaint to the Personal Data Protection Authority in the Kingdom of Bahrain.

You can withdraw consent granted to Citi for the processing of your personal information at any time.

Please note that the withdrawal only applies going forwards, it does not have retrospective effect. Processing that was carried out before the withdrawal was notified is not affected by it.

Further Information on your Rights of Objection in Bahrain

Right to Object to Data Processing for Direct Marketing Purposes

Citi may process your personal information in order to conduct direct marketing. You have the right to object to the processing of your personal information for the purpose of this type of marketing at any time.

If you object to processing for the purpose of direct marketing, we will no longer process your personal information for this purpose.

Right to Object to Data Processing that Causes Harm or Distress

You have the right to object to the processing of your personal information for a specific purpose or in a specified manner, in either of the following two instances:

  • if the processing for such purpose or in that manner causes substantial and unwarranted harm or distress to you or others; or
  • if there are reasonable grounds to believe it is likely that the processing for such purpose or in that manner will cause substantial and unwarranted harm or distress to you or others.

The right to object does apply where you have agreed to the processing or where the processing is necessary for one of the grounds for lawful processing stipulated in the applicable law.

If you submit an objection, you will need to give reasons and evidence to support the objection.

If you object processing by us for a specific purpose or in a specified manner, we may not be able to provide Services and maintain a business relationship.

Right to Object to Decisions Made Based on Automated Processing

In instances where a decision is taken by Citi based only on automated processing of your personal information to evaluate you (e.g. in terms of your performance at work; your financial position; your qualification for borrowing; your behavior or your trustworthiness) you have the right to request that another evaluation method be adopted that does rely on automated processing.

Individual Right of Objection

On grounds relating to your particular situation, you shall have the right of objection to processing of your personal information at any time, in line with Article 4 paragraph 5 of the PDPL (data processing based on balancing interests).

If you submit an objection, we will no longer process your personal information unless we can give evidence of mandatory, legitimate reasons for processing, which outweigh your interests, rights, and freedoms, or processing serves the enforcement, exercise, or defence of interests.

Please note, that in such cases we will not be able to provide Services and maintain a business relationship.

Data Transfer outside of Bahrain

Your personal information may be transferred outside of the Kingdom of Bahrain and stored and processed in another country where Citi has facilities or in which we engage service providers.

Some of these countries may not have laws that provide the same level of data protection as the laws of Kingdom of Bahrain and are not recognized by the Personal Data Protection Authority as providing an adequate level of protection.

We only transfer personal information to these countries as permitted under applicable laws (e.g. with your consent or when the transfer is necessary for the Services we provide you) or with the authorisation of the Personal Data Protection Authority when we have provided sufficient guarantees regarding the protection of privacy.

Data Controller - Bahrain

Your consent of the Notice and User Agreement upon joining the Citi Alumni Site is deemed that you agreed that your personal information will be controlled, not by Citibank, N.A., Bahrain Branch nor other subsidiaries and affiliates in Bahrain (“Citi Bahrain”), but by Citigroup Inc. NY, USA and/or Citi entity which operates the Services you are accessing. Citi Bahrain is solely responsible for the use of your personal information within the Kingdom of Bahrain, when it is used by Citi Bahrain, under the applicable laws of the Kingdom including the PDPL. Your personal information and the Submitted material can be shared with Citi Bahrain and use such personal information and material for any marketing purpose without your prior consent. When Citi Bahrain obtains personal information our personal information via the Services, the use will be controlled by and be bound to the necessary process and procedure following the applicable laws of the Kingdom of Bahrain

If you are, or will be, a resident of the U.S. State of California, you have certain rights with respect to your Personal Information under the California Consumer Privacy Act (“CCPA”) as of January 1, 2020. For more information about what this means to you, please click here.

To access your rights under CCPA, please call U.S. +1 833-971-1191 or click here CCPA non-US Request to print a form and mail to us.

Information about cookies

Cookies facilitate certain features that can make the surfing experience more convenient and valuable for Web users.

A "cookie" is a small piece of information which a web server can store on your web browser. This is useful for having your browser remember some specific information which the web server can later retrieve. As you browse the web, some cookies are "set" on your Web browser. When you quit your browser, some cookies are stored in your computer's memory in a cookie file, while some expire, or disappear. All cookies have expiration dates. The cookie is set on a particular browser on a particular computer, so when you use a different computer, the cookie will not exist.

Cookies are used, for example, when a browser stores your password to a particular site so that you do not have to input it every time you visit. Cookies are also used to store preferences you express for information that is then aggregated and presented to you. Instances where cookies are most commonly used include:

Ordering Online: Online ordering systems can use cookies that remember what a person wants to buy. Cookies enable users to keep browsing and adding to their "shopping cart". They can even end a browser session, come back, and still have the same items in their cart from the last session, if they choose to.

Registering Online: If you decide to register for an informational site, such as a newspaper, periodical or an interest group site, or even a chat group or on-line community, so that you can use it on a regular basis, you will likely be asked to supply some information about yourself. Often cookies are used so that you do not have to identify yourself every time you re-enter the site.

Site Personalization: Cookies allow users to indicate what types of information they are interested in receiving when they visit a particular site. Users can then view only what they are interested in and not waste time with news or information of no interest to them.

Web Site Tracking: Tracking allows site owners to find out what pages visitors link to, and interpret or infer what is interesting to them. This helps the owners of sites to keep their content fresh and relevant.

Targeted Marketing: Cookies can be used to build a profile of where on a particular site you visit. This information is then used to target advertising that might be of interest to you. Some sites use cookies to "remember" which advertisements were sent to you, so that you do not see the same ones again.

Security: Cookies cannot be used to obtain data from your hard drive, get your e-mail address or steal sensitive or personal information about you. The only way that any private information could be part of your cookie file would be if you personally gave that information to a Web server. Also, each cookie can only be read by the server that set it, so strange servers cannot view or steal the information in a cookie that you have previously accepted.

Note also that computer viruses are not passed through the setting or use of cookies.

If you, as a visitor, want to disallow cookies you can do so on your Web browser.

Copyright © 2020 Citigroup Inc.