This section was last updated on October 3, 2019.
This Privacy Notice (the “Notice”) governs how Citi collects, uses, and discloses personal information from and about users of Citi websites and apps that link to this Notice (collectively, the “Services”). We advise you to read the Notice in its entirety, including the jurisdiction-specific provisions in the appendix to this Notice, which will apply to users in certain jurisdictions.
Please note that if you are a Citi customer, additional privacy notices may apply to you as a customer of a particular Citi business, and this Notice does not replace or revise any other privacy notice that may be applicable to personal information collected or used by Citi through that customer relationship with Citi.
Personal Information Collected Through the Services
Citi collects and uses certain personal information in order to operate and provide you with access to the Services. This includes information that you provide to us and information that we collect automatically when you visit or interact with the Services.
Information That You Provide to Us
We collect personal information that you voluntarily provide to us when you use the Services. This information includes, without limitation: your email addresses, telephone numbers, and other contact details; the identity of your current employer and other biographical information; submissions to our Ethics Hotline; feedback on our websites or mobile apps; online preferences, such as Citi News alerts selections; and business information, such as your company name, your role, and industry.
Information That We Collect About Your Use of the Services
We collect information about your use of the Services and about the device you use to access the Services, including: the pages you request and visit; the posts you submit; information on your interaction with other users; information obtained in the course of maintaining or supporting the Services; information about your internet use, such as your IP address, the URLs of sites from which you arrive or leave the Services, your type of browser, your operating system, your internet service provider; and, if you access the Services via your mobile device, we may also collect information about your mobile provider and type of mobile device.
We (and our service providers) use different technologies to collect this information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness. For more information about cookies and how to disable them, please see “Your Choices” below.
Advertising and Analytics Services Provided by Others
How Personal Information Is Used
We use the information we collect to provide, maintain, and improve the Services. We also use the information we collect to:
How Personal Information Is Shared
We may share your personal information as follows or as otherwise described in this Notice:
We may also share aggregated or de-identified information that cannot reasonably be used to identify you.
Our Services are not designed for children and do not knowingly collect personal data from children. If you have reason to believe that a child has provided personal data to us, please contact us, and we will endeavor to delete that information from our databases.
Links to Other Websites
The Services may contain links to other websites. Please note that Citi is not responsible for the privacy or information security practices of other websites. You should carefully review the applicable privacy and information security policies and notices for any other websites you click through to via the Services. This Notice applies solely to your personal information collected by the Services.
We seek to use reasonable physical, electronic, and procedural measures to safeguard personal information within our organization against loss, theft, and unauthorized use, disclosure, or modification. Unfortunately, however, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your information, we cannot guarantee its security.
Marketing Emails and Citi News Alerts
If you no longer want to receive marketing-related emails from us or Citi News Alerts, you may opt out by following the instructions contained within each such email or through the communications center in your account profile. We will try to comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving marketing-related emails or Citi News Alerts, we may still send you administrative messages, from which you cannot opt out.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.
Changes to This Notice
From time to time, we may revise this Notice. Changes may be made for any number of reasons, including to reflect industry initiatives, changes in the law, and changes to the scope of the Services, among other reasons. You can tell when we last updated the Notice by checking the date at the beginning of the Notice. Any changes will become effective when we post the revised Notice on the Services.
If you have any other questions concerning this Notice, you may submit them using our Contact Us form.
Supplemental provisions regarding individuals in the EEA
If you are in the European Economic Area (“EEA”), you have certain rights and protections under the law regarding the processing of your personal data.
Legal Basis for Processing
If you are in the EEA, when we process your personal data we will only do so in the following situations:
Data Subject Requests
You may have certain rights with respect to the personal information which Citi holds about you, including the right to access or correct (and sometimes, object to or delete) the information. If you would like to request to review, correct, update, suppress, restrict or delete personal information that you have provided to us, object to the processing of personal Information, or if you would like to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law) you may contact our GDPR Data Protection Officer by mail at Citigroup Centre, Canada Square, Canary Wharf, London, E14 5LB. We will respond to your request consistent with applicable law.
For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
We retain personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
Except as otherwise specified on any subsections within sites or apps that comprise the Services, such as the Careers, Alumni, or Citi Consumer Banking subsections, your personal information will be controlled by Citigroup Technology Inc. of 388 Greenwich Street, New York, NY 10013, USA and/or the Citi entity which operates the Services you are accessing (and/or if you are Citigroup personnel, the Citi entity which employs you or contracts with you). A list of certain Citi entities can be found at: http://www.sec.gov/Archives/edgar/data/831001/000083100115000043/citi-exhibit2101x12312014.htm. If you would like additional information regarding the applicable Citi entity or entities, please contact us.
Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers.
Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here).
You may lodge a complaint with a data protection authority for your country or region where an alleged infringement of applicable data protection law has occurred. A list of data protection authorities is available here.
Supplemental provision applicable to users registering from the UAE
Your use of the Services signifies that you agree to waive your material privacy rights under the laws of the UAE. You also agree not to hold Citi liable for any publicity, any publication of news, or comments pertaining to the secrets of your or any other person's private or family lives on the Services. Your use of the Services signifies your consent to allowing Citi to disclose any information that you may consider a secret to anybody at any time. You agree not to hold Citi liable for any disclosure of such information that you may think to be a secret to anyone. Please do not use the Services if you disagree with any part of this Notice.
Supplemental provision applicable to users registering from Korea
Your consent of the Notice and User Agreement upon joining the Citi Alumni Site is deemed that you agreed that your personal information will be controlled, not by Citibank Korea Inc. nor other subsidiaries and affiliates in Korea (“Citi Korea”), but by Citigroup Inc. NY, USA and/or Citi entity which operates the Services you are accessing. Citi Korea is solely responsible for the use of your personal information within Korea, when it is used by Citi Korea, under the applicable Korean laws including; Personal Information Protection Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and other relevant Korean laws. Your personal information and the Submitted material can be shared with Citi Korea but Citi Korea will not collect and use such personal information and material for any marketing purpose without your prior consent. When Citi Korea obtains personal information our personal information via the Services, the use will be controlled by and be bound to the necessary process and procedure following the applicable Korean laws.
Supplemental provision applicable to users registering from the Kingdom of Bahrain
Your Data Protection Rights – Bahrain
If you normally reside in the Kingdom of Bahrain or have a workplace there, you have the following rights in relation to your personal information under the Law No. 30 of 2018 promulgating the Personal Data Protection Law (“PDPL”):
If applicable, you also have a right to make a complaint to the Personal Data Protection Authority in the Kingdom of Bahrain.
You can withdraw consent granted to Citi for the processing of your personal information at any time.
Please note that the withdrawal only applies going forwards, it does not have retrospective effect. Processing that was carried out before the withdrawal was notified is not affected by it.
Further Information on your Rights of Objection in Bahrain
Right to Object to Data Processing for Direct Marketing Purposes
Citi may process your personal information in order to conduct direct marketing. You have the right to object to the processing of your personal information for the purpose of this type of marketing at any time.
If you object to processing for the purpose of direct marketing, we will no longer process your personal information for this purpose.
Right to Object to Data Processing that Causes Harm or Distress
You have the right to object to the processing of your personal information for a specific purpose or in a specified manner, in either of the following two instances:
The right to object does apply where you have agreed to the processing or where the processing is necessary for one of the grounds for lawful processing stipulated in the applicable law.
If you submit an objection, you will need to give reasons and evidence to support the objection.
If you object processing by us for a specific purpose or in a specified manner, we may not be able to provide Services and maintain a business relationship.
Right to Object to Decisions Made Based on Automated Processing
In instances where a decision is taken by Citi based only on automated processing of your personal information to evaluate you (e.g. in terms of your performance at work; your financial position; your qualification for borrowing; your behavior or your trustworthiness) you have the right to request that another evaluation method be adopted that does rely on automated processing.
Individual Right of Objection
On grounds relating to your particular situation, you shall have the right of objection to processing of your personal information at any time, in line with Article 4 paragraph 5 of the PDPL (data processing based on balancing interests).
If you submit an objection, we will no longer process your personal information unless we can give evidence of mandatory, legitimate reasons for processing, which outweigh your interests, rights, and freedoms, or processing serves the enforcement, exercise, or defence of interests.
Please note, that in such cases we will not be able to provide Services and maintain a business relationship.
Data Transfer outside of Bahrain
Your personal information may be transferred outside of the Kingdom of Bahrain and stored and processed in another country where Citi has facilities or in which we engage service providers.
Some of these countries may not have laws that provide the same level of data protection as the laws of Kingdom of Bahrain and are not recognized by the Personal Data Protection Authority as providing an adequate level of protection.
We only transfer personal information to these countries as permitted under applicable laws (e.g. with your consent or when the transfer is necessary for the Services we provide you) or with the authorisation of the Personal Data Protection Authority when we have provided sufficient guarantees regarding the protection of privacy.
Data Controller - Bahrain
Your consent of the Notice and User Agreement upon joining the Citi Alumni Site is deemed that you agreed that your personal information will be controlled, not by Citibank, N.A., Bahrain Branch nor other subsidiaries and affiliates in Bahrain (“Citi Bahrain”), but by Citigroup Inc. NY, USA and/or Citi entity which operates the Services you are accessing. Citi Bahrain is solely responsible for the use of your personal information within the Kingdom of Bahrain, when it is used by Citi Bahrain, under the applicable laws of the Kingdom including the PDPL. Your personal information and the Submitted material can be shared with Citi Bahrain and use such personal information and material for any marketing purpose without your prior consent. When Citi Bahrain obtains personal information our personal information via the Services, the use will be controlled by and be bound to the necessary process and procedure following the applicable laws of the Kingdom of Bahrain
If you are, or will be, a resident of the U.S. State of California, you have certain rights with respect to your Personal Information under the California Consumer Privacy Act (“CCPA”) as of January 1, 2020. For more information about what this means to you, please click here.
To access your rights under CCPA, please call U.S. +1 833-971-1191 or click here CCPA non-US Request to print a form and mail to us.
Information about cookies
Cookies facilitate certain features that can make the surfing experience more convenient and valuable for Web users.
A "cookie" is a small piece of information which a web server can store on your web browser. This is useful for having your browser remember some specific information which the web server can later retrieve. As you browse the web, some cookies are "set" on your Web browser. When you quit your browser, some cookies are stored in your computer's memory in a cookie file, while some expire, or disappear. All cookies have expiration dates. The cookie is set on a particular browser on a particular computer, so when you use a different computer, the cookie will not exist.
Cookies are used, for example, when a browser stores your password to a particular site so that you do not have to input it every time you visit. Cookies are also used to store preferences you express for information that is then aggregated and presented to you. Instances where cookies are most commonly used include:
Registering Online: If you decide to register for an informational site, such as a newspaper, periodical or an interest group site, or even a chat group or on-line community, so that you can use it on a regular basis, you will likely be asked to supply some information about yourself. Often cookies are used so that you do not have to identify yourself every time you re-enter the site.
Site Personalization: Cookies allow users to indicate what types of information they are interested in receiving when they visit a particular site. Users can then view only what they are interested in and not waste time with news or information of no interest to them.
Web Site Tracking: Tracking allows site owners to find out what pages visitors link to, and interpret or infer what is interesting to them. This helps the owners of sites to keep their content fresh and relevant.
Security: Cookies cannot be used to obtain data from your hard drive, get your e-mail address or steal sensitive or personal information about you. The only way that any private information could be part of your cookie file would be if you personally gave that information to a Web server. Also, each cookie can only be read by the server that set it, so strange servers cannot view or steal the information in a cookie that you have previously accepted.
If you, as a visitor, want to disallow cookies you can do so on your Web browser.
This notice sets out how we handle personal data as part of our business as Ahli United Bank B.S.C, and how we protect the privacy of the individuals whose data we process.
Ahli United Bank B.S.C. (AUB Bank) is part of the Ahli United Bank Group (Ahli United Bank Group) with its head office in the Kingdom of Bahrain operates in Bahrain, Egypt, Iraq, Kuwait, Libya, the United Arab Emirates, the Sultanate of Oman, and the United Kingdom. This privacy notice shall explain how shall Ahli United Bank, an entity operating in the Kingdom of Bahrain use the personal data collected from you when you use our services through any of our bank branches, offices, ATMs; our website, mobile applications, social media channels, or when you connect with us through other channels to start or manage your relationship with Ahli United Bank.
Ahli United Bank recognizes its privileged position in receiving your information for purpose of offering financial products, banking services, promoting offerings, and serving you as a customer or any other individual associated with Ahli United Bank. Ahli United Bank is committed to protecting the individual privacy of whose data we process in a way that shall consistent with the principles set out in the applicable data protection laws.
Ahli United Bank is the data controller of the personal information you have submitted to us. Which means we are responsible for deciding how we shall hold and use your personal data. For business efficiency and the provision of seamless services across geographies, we may authorize one of our entities or third- parties to processing the data on our behalf.
What data to be collected?
In order to serve you better, we shall collect relevant information in different intervals depending on the nature of the business, context, and purpose:
The information listed above that you have made available to us when you express your interest in avail services provided by us or when you intend to provide us with services. These details are collected and processed throughout your legal association with us. The details are protected in an appropriate manner beyond your association with us. These details shall be collected when you open an account g, inquire about a loan make financial transactions using our services, during employment interviews, employee onboarding, employment, vendor onboarding visit our website, internet portals, mobile applications or social media channels, etc.
Similar or select few details from the list above that you, your nominees, family members, or emergency contacts have made available to carry out regulatory requirements, to fulfil business interests, or to protect your interests. For example, naming a nominee or co-applicant for your bank account, credit services, emergency contacts, or family members information, etc.
How is your data collected?
Data is primarily collected in three ways: directly from you, from the devices you use to access the services, interact with us, and avail services, and data generated and enriched by third-parties. Representative scenarios are outlined below:
Data collected directly from you
Data collected from the devices
Data generated or enriched by third- parties
How will your data be used?
Personal data collected from you will be used to carry out several activities that shall support our mission to delivering banking and financial related services. Collected data will be used and processed:
We shall use your information for other reasons listed below:
How will your data be stored?
Your data is securely and safely stored in storage facilities identified and managed either by us or by authorized third- parties operate within the countries we operate in, or third countries. When we authorize a third-party to store your data, we conduct due diligence, make a risk assessment, and ensure that such third-parties and overseas (cross-borders) storage facilities comply with our internal policies and applicable data protection laws.
We will hold and retain your data as long as the term of your contract with us is valid and as the same is required by the applicable laws and regulations. If this term ends, we shall retain the data to meet our legitimate interests.
How will your data be shared and transferred?
We may share your data with other entities of Ahli United Bank Group and concerned third- parties that operate within the country we operate in or to third countries. In all these cases, appropriate contractual measures shall be carried out before sharing or transferring the data in compliance with the applicable laws and regulations.
The purpose of sharing your data is to deliver a seamless banking experience across geographies, ensure business and operational efficiency, and ensure data availability as part of our business continuity strategies.
When your data is transferred to third countries, international organizations, we shall implement strict measures to protect your data. In some countries, where the laws mandate us or our third- parties to share the data with regulators or to apply different levels of security, we ensure that the data is shared on a need basis with an appropriate level of security. Your data is required to be shared overseas to fulfil the contractual obligations, legal obligations, and for our legitimate business interests.
How do we secure and maintain the confidentiality of your data?
We implement various measures to keep your information safeguarded and secured including encryption and other forms of security. We shall bind our staff and third- parties who carry out any work on our behalf to comply with appropriate compliance standards, including obligations to protect any information and to apply appropriate data protection measures for the use and transfer of information.
How will your data going to be used for marketing?
We shall send you information about our products and services that we think you may benefit from or may be of interest to you. . You may opt-in to receive marketing communications at this stage. You can exercise your right to discontinue marketing communications to you at any of time.
If you no longer wish to be contacted for marketing purposes, you may unsubscribe or opt-out from such campaigns by navigating to our email communications preferences centre or by writing to us at AUBBH.DataProtection@Ahliunited.com.
What are your data protection rights?
We would like to ensure you are fully aware of the rights over your personal data. Every individual whose personal data we process is entitled to the following rights. In addition, the right to be informed as aimed by this notice:
Data accuracy and authenticity – Your responsibility
As the owner of your data, it’s your duty to ensure that the personal data and information you provide to us is accurate, up-to-date, and authentic.
You may exercise this duty and communicate your requirements with us directly at our email AUBBH.DataProtection@Ahliunited.com
Other Website Privacy notices
The website of Ahli United Bank contains links to portals of other entities and other third-party websites. This privacy notice applies only to the website, applications, portals, and channels of Ahli United Bank B.S.C. So, if you click on a link to another portal or website, you shall assume doing so at your own responsibility and you shall read other portal or website privacy notice.
What are cookies?
Cookies are text files placed on your computer to collect standard internet log-in information, visitor behaviour, and website traffic information. When you visit our website(s), we shall collect information from you automatically through cookies or similar technology.
For further information, visit www.allaboutcookies.org
What types of cookies do we use?
On our website we shall use the following types of cookies:
How to manage cookies?
You can set your browser to reject cookies, and the website www.allaboutcookies.org shall tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Changes to our privacy and cookies notice
Ahli United Bank shall review this notice on a periodical basis and updates shall be published herein accordingly. You shall be notified of the latest updated version when they are available here.
How to contact us?
Should you have any questions about this privacy notice, the data we hold on you, or you would like to exercise one of your data protection rights, you please contact us at: AUBBH.DataProtection@Ahliunited.com.
Ahli United Bank B.S.C,
Building 2495, Road 2832,
Al Seef District 428,
P.O. Box 2424,
Kingdom of Bahrain
Last Updated Date: 26th Apr 2021