Privacy

Learn more about our Privacy Policy

Learn more about our Privacy Policy

The Privacy Policy ("This Policy") applies only to retail banking products or services of Citibank (China) Limited ("Citi" or "we").

Last Updated: Jan 2019

If you have any questions, comments or suggestions about this Policy, please contact us using the information below:
Email: consumer.china@citi.com or Fill out and submit the "Email Us" form online.

Telephone:

400-821-1880 (Only for fixed phones in mainland China) to contact service specialist of CitiPhone. Outside the country, please call (+86)-(20)-3880-1267 (Retail Banking and Citi Business Customer) or (+86)-(21)-3896-9500 (Credit Card Customer). Customers may need to pay communication charges to telecom operators for such calls (charges are as set by respective telecom operators).

This policy will help you understand the following:

1. How we collect and use your personal information

2. How we use cookies and similar technologies

3. How we share, transfer, and publicly disclose your personal information

4. How we protect your personal information

5. Your rights

6. How we process personal information of children

7. How personal information is transferred globally

8. How we update this policy

9. How to contact us

We understand the importance of personal information to you and will do our utmost to protect your personal information. We are committed to maintaining your trust in us and to abide by the following principles to protect your personal information: the principle of consistency of rights and responsibilities, the principle of clear objectives, the principle of consent, the principle of minimum sufficient use, the principle of ensuring security, the principle of subject participation, the principle of openness and transparency, etc. . At the same time, we promise that we will take appropriate security measures to protect your personal information in accordance with the industry's mature security standards.
Please read and understand this policy carefully before using our products (or service).

1. How we collect and use your personal information

Personal information refers to various information recorded electronically or otherwise that can identify a specific natural person or reflect the activity of a particular natural person, either alone or in combination with other information.

We collect and use your personal information only for the purposes stated in this policy:

1.1 Information collected by online banking

We collect your personal and non-personal information through your use of Citi Online Banking.
We collect personal information that you voluntarily provide to us through Citi Online Banking, including:

• Name
• Contact: including address, phone number and email address
• Your bank card number or account number
• Security code, zip code, electronic code, security question, password or other authentication information
• Information you provide when contacting or responding to us

We may automatically collect your following personal information through your use of our online banking services:

• Banking or other transactions through online banking
• Your IP address and location data
• Computer device identification code when you access Citi’s web pages

We may also automatically collect the following non-personal, aggregated, unidentified or anonymous information related to your use of online banking:

• Date and time when Citigroup browses to visit our server
• Non-personal information about banking and other transactions
• Information and files downloaded to the app
• Operating system version of your device

1.2 How we use the information collected by online banking

Personal information collected through online banking is managed by Citi business unit, which maintains your account usage or processes your application for a new product or service. Information collected via online banking will be used in accordance with this Policy and the applicable privacy terms to the Citi business and services you use.
We use personal information collected online for the following purposes:

• Verify your user identity to allow your account access to online banking
• Conduct user identification to complete your personalization in online banking when you use online banking again
• Process applications and transactions
• Respond your request
• Improve, perfect and personalize online banking and other online services
• Use and/or disclose information for the purpose of detecting fraud and information security
• Identify your phone to help you use Citi Mobile Banking
• Process further information on your application or feedback request for Citi products and services

We may use your personal information to deliver Citi products and services that may be of interest to you.

2.1 Information collected by Citi Online Banking or Citi Mobile Banking may be used to conduct internal audits, data analysis and research to improve our products or services.

We collect your personal and non-personal information through your use of Citi Mobile Banking.

We collect personal information that you voluntarily provide to us through your use of Citi Mobile Banking(including any web page accessed by Citi Mobile Banking), including:

• Name
• Contact: including address, phone number and email
• Your bank card number or account number
• Security code, zip code, electronic code, security question, password or other authentication information
• Information you provide when contacting and responding to us

By using Citi Mobile Banking, we may automatically collect the following personal information:

• Banking or other transactions through Citi Mobile Banking
• Your IP address
• the model of your phone running Citi Mobile Banking

We may also automatically collect the following non-personal, aggregated, unidentified or anonymous information related to your use of Citi Mobile

• Date and time when Citi Mobile Banking accesses our server
• Non-personal information about banking and other transactions
• Information and files downloaded to Citi Mobile App
• The version of Citi Mobile you are using
• The type of your phone’s operating system
• The model and manufacturer of your phone
• Network service provider or mobile provider
• Mobile device identification code
We may collect your location information. You can disable our location collection on your phone. Some features of Citi Mobile may not be available if you disable the location feature.

2.2 How we use the information collected by Citi Mobile Banking

Personal information collected through Citi Mobile Banking is managed by Citi business unit, which maintains your account usage or processes your application for a new product or service. Information collected via Citi Online Banking will be used in accordance with this Policy and the applicable privacy terms to the Citi business and services you use.
We use personal information collected by Citi Mobile for the following purposes:

• Verify your user identity to enable your account access on Citi Mobile
• Conduct user identification to enable your personalization in online banking when you use online banking again
• Process applications and transactions
• Respond to your request
• Improve, perfect and personalize Citi Mobile and other online services
• Use and/or disclose information to detect fraud and information security
• Identify your phone to help you use the app
• Process further information on your application or feedback request for Citi products and services

We may use your personal information to provide you with Citi products and services that may be of interest to you.

3. Information collected by Citi Online Banking or Citi Mobile Banking may be used for internal audit, data analysis and research to improve our products or services.

If we use the information for other purposes which are not stated in this policy, we will seek your consent in advance.

If we use the information collected for a specific purpose for other purposes, we will seek your consent in advance.

2. How we use cookies and similar technologies

(1) Cookie
To ensure the proper operation of online banking and mobile banking, we store pieces of information called Cookie in your computer or mobile device. Cookies usually contain an identifier, a site name, and some numbers and characters. With the help of cookies, data such as your preferences could be stored.

We do not use cookies for any purpose other than those stated in this policy. You can manage or delete cookies based on your preferences. Please refer to the link http://optout.networkadvertising.org/ for more information. However, if you decide to delete certain cookies stored on your computer or mobile device, your site experience may be degraded and you may not be able to use some of online features, especially the security and fraud monitoring features of cookies.

(2) Website beacons and pixel tags
In addition to cookies, we may use similar technology as beacons and pixel tags in online banking or mobile banking to collect your browser, mobile devices and other information such as web browsing time, pages visited, language preferences, and other interacting data from Citigroup sites. This part of data may be associated with your terminal device information (e.g IP address, installation fonts, language and browser settings, time zone, and etc.) to facilitate our understanding on your preference of Citi products or services and improve our customer service.

(3) Do Not Track
Many website browsers provide a Do Not Track function that can send a signal to the websites you visit to indicate you do not wish to be tracked. Up to now, major Internet standardization organizations have not established policies to specify how websites should handle these requests.. However, if you enable Do Not Track in your browser, all our websites will respect your selection.

3. How we share, transfer, and publicly disclose your personal information.

(1) Sharing

In principle, we do not share your personal information with any company, organization or individuals, with the following exceptions:
1. Share upon your explicit consent: We will share your personal information with other parties after obtaining your explicit consent.
2. We may share your personal information to comply with laws and regulations or mandatory requirements from governmental authorities.
3. We may share your personal information with third-party partners for the following purposes:
Help us to provide the services you need
Help us to analyze and understand our service usage
Prevent fraud or other illegal acts
Comply with subpoenas, court orders or other legal requirements

(2) Transfer
We will not transfer your personal information to any company, organization or individuals except in the following cases:
1. Transfer upon your explicit consent: After obtaining your explicit consent, we will transfer your personal information to other parties;
2. In the case of mergers, acquisitions or bankruptcy liquidation, if it involves transfer of personal information, we will request the new company or organization, which holds your personal information, to be bound by this Policy. Otherwise we will ask the new company or organization to resolicit your authorization.

(3) Public disclosure
We will only publicly disclose your personal information under the following circumstances:
1. After obtaining your explicit consent;
2. Disclosure based on law: We may publicly disclose your personal information in the event of mandatory requirement of legal, legal procedure, litigation or governmental agencies.

4. How do we protect your personal information

(1)We have used industry-standard security measures to protect the personal information you provide to prevent unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible action to protect your personal information. For example, when you exchange data (such as credit card information) between your browser and the "service", you are protected by SSL encryption; in the meantime, we also provide https secure browsing for Citi website; we use encryption to ensure data confidentiality; we will use trusted protection mechanisms to protect against malicious attacks; we deploy access control mechanisms to ensure that only authorized personnel have access to personal information; and we conduct security and privacy protection training courses to enhance employee awareness of the importance of protecting personal information.

(2) We will take all reasonable and feasible measures to ensure that no irrelevant personal information is collected. We will only retain your personal information for the five-year period required to achieve the purposes stated in this policy, unless an extension of the retention period is required or permitted by law.

(3) The Internet is not an absolutely secure environment. Besides, email, instant message, and communication with other Citi users are not encrypted. We strongly recommend you not to send personal information in this way. Please use complex passwords to help us keep your account secure.

(4) The Internet environment is not 100% secure, and we will do our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or administrative protection is damaged, which results in unauthorized access, public disclosure, alteration, or destruction of information and further impairs your legitimate right, we would undertake corresponding legal liabilities.

(5) In the occurrence of any personal information security incident, we will promptly notify you of the following in accordance with laws and regulations: basic information about the security incident and its potential impact, treatment measures we have taken or will take, suggestions about proactive defense and risk mitigation, remedial measures and etc. We will promptly let you know relevant situations of the incident by means of mail, letter, phone call, push notification and etc. We will issue announcement in a reasonable and effective manner when having difficulty in reaching out to each personal information subject.

Meanwhile, we will also report the handling status of personal information security incidents as required by regulatory authorities.

5. Your rights

In accordance with China's relevant laws, regulations, standards, and the common practice of other countries and regions, we guarantee you the following rights of your personal information:

(1) Access to your personal information

You are authorized to access your personal information, except for some circumstances stipulated by law and regulations. If you would like to exercise your right of data access, you could access it on your own by the following means:
Account Information - If you want to access or edit your profile information and payment information change your password, add security information or close your account, you can visit Citibank Online Banking at www.citibank.com. cn; Citi Mobile: mobile.citibank.com.cn to perform such operations.
If you are unable to access your personal information via the link above, you can always contact us by using our web form, or sending an email to consumer.china@citi.com or filling out and submitting the "Email Us" form online. We will respond to your request within 30 days.
We will provide you with additional personal information that may arise from your use of our products or services, as long as it does not take much effort. If you would like to exercise data access, please send email to consumer.china@citi.com or fill out and submit the "Email Us" form online.

(2) Correct your personal information

When you identify any error in your personal information by our process, you are entitled to require us to make the correction. You can raise a correction application by using the methods listed in "(1) Access to your personal information."
If you are unable to correct your personal information through the link above, you can always contact us by using our web form, or sending an email to consumer.china@citi.com or filling out and submitting the "Email Us" form online. We will respond to your request within 30 days.

(3) Delete your personal information

Under the following circumstances, you can request us to delete your personal information:
1. If our processing of personal information violates any law or regulation
2. If we collect or use your personal information without your consent
3. If our processing of personal information breaches our agreement with you.
4. If you no longer use our products or services, or you cancel your account
5. If we no longer provide products or services to you

If we decide to respond to your removal request, we will also notify the entity from which we obtained your personal information and request that it be removed in a timely manner, unless required by laws and regulations, or if these entities obtain your independent authorization

(4) Change your authorization scope

Each business function requires certain basic personal information to be provided (please refer to "Part 1" of this Policy). You could grant or withdraw your authorization consent at any time for the collection and use of the additionally collected personal information.
You can change the authorization scope by yourself in the following ways:
Call the Citi Service Hotline
When you withdraw your consent, we will no longer process your corresponding personal information. However, this decision to withdraw your authorization will not affect personal information processing upon your previous authorization.
If you do not wish to receive commercial advertisements we deliver, you can cancel at any time by:
SMS: Replying with TD
Mail: Replying directly to this message and change the subject to "Unsubscribe". We will process your request within 10 business days. Please understand that you are still likely to receive emails from us during this period. Please kindly note that you could not send new emails to this email address as this type of request cannot be processed.

(5) Account Cancellation

You can cancel your previously registered accounts at any time, you can do it by yourself in the following ways:
For debit card customers who wish to cancel online banking, they should visit branch/sub-branch in person and fill out the Debit Card Business Application Form. For credit card customers, they can call Citi Service Hotline to cancel online banking.
After account cancellation, we will stop providing you our products or services, and will delete your personal information per your requirements, unless otherwise stipulated by laws and regulations.

(6) Constraints of automatic decision making from information systems

In certain business functions, we may make decisions solely based on non-manual automatic decision mechanisms including information systems and algorithms. If these decisions significantly affect your legitimate interests, you have the right to ask for explanation and we will provide appropriate remedies.

(7) Responding to your above request

In order to ensure the security, you may need to provide a written request or other supporting to verify your identity. We may ask you to verify your identity before processing your request. We will respond to you within 30 days. If you are unsatisfied with services, you can also make complaints through the following channels:
Calling 400-821-1880 (fixed number from mainland China only); sending email to consumer.china@citi.com or filling out and submitting the "Email Us" form online.

In principle, we do not charge for your reasonable request, however, for those repetitive, beyond reasonable requests, we may charge a fee as the case may be. For those unreasonably repetitive requests which need too excessive technical means (for example, need to develop new systems or fundamentally change existing practices), pose risks to others’ legal rights, or are very impractical (for example, involving information stored on backup tapes), we may reject such requests.
In the following situations, we will not be able to respond to your request as required by law or regulation:
1. Directly related to national security and national defense security
2. Directly related to public safety, public health, and major public interests
3. Directly related to criminal investigation, prosecution, trial and judgment execution.
4. There is sufficient evidence that you have subjective malice or abuse of rights.
5. Respond to your request which may result in serious damage to the legitimate rights and interests of you or other individuals or organizations
6. Involve trade secrets

6. How we process children's personal information.

Our products, websites and services are primarily for adults. Children cannot create their own user accounts without the consent of their parents or guardians.
For the children’s personal information collected with consent of their parents or guardians, we will only use or disclose such information to the extent allowed by law and regulation, expressly consented by their parents or guardians or necessary for the protection of the interests of the children.
Although local laws and customs have different definitions of children, we treat anyone under the age of 14 as a child.
If we find that we have collected the child's personal information without prior verifiable consent of the parents, we will try to delete the data as soon as possible.
We do not allow those under 18 years old to open an account. Existing customers under the age of 18 must be accompanied by their guardians to perform any account operations.

7. How personal information is transferred globally.

In principle, the personal information we collect and generate within the territory of the People's Republic of China will be stored in the territory of the People's Republic of China.
Since we provide products or services through resources and servers across the world, which means that your personal information may be transferred to the foreign jurisdiction of the country in which you use the product or service, or be accessed from these jurisdictions.
Such jurisdictions may have different data protection laws or even don’t have relevant laws. In such cases, we will ensure that your personal information is adequately protected within the territory of the People's Republic of China. For example, we will ask you for permission to transfer personal information across borders or to implement security measures such as data de-identification before cross-border data transfers.
At present, the personal financial information we collected within PRC territory is stored, processed and analyzed within PRC territory, and a strict review process is in place for cross-border data transfer.

8. How to update this policy

We may change this Policy from time to time
We will not undermine your rights entitled under this Policy without your explicit consent. We will post any changes and revisions of this Policy on this page.
For significant changes, we also provide more noticeable notices (including for certain services, we will send a notification via email stating the specific changes to this policy).
Significant changes referred hereunder include but not limited to:
1. Major changes in our service model, such as the purpose of processing personal information, the type of personal information processed, the way in which personal information is used, etc.
2. Major changes in our ownership structure, organizational structure, etc. Owner changes caused by business adjustments, bankruptcy mergers, etc.
3. Changes in the main objects of personal information sharing, transfer or public disclosure
4. Major changes in your rights to participate in the processing of personal information and the way oft is exercising such rights.
5. Changes in the department, contact information and complaint channels responsible for personal information security.
6. Personal information security impact assessment report indicates that there is a high risk
We will also archive the old version of this policy for your reference.

9. How to contact us

If you have any questions, comments or suggestions about this policy, please call 400-821-1880 (fixed calls in mainland China only) and contact our Citi service specialist. Overseas customers please call (+86)-(20)-3880-1267 (Retail Banking and Citi Business Customer) or (+86)-(21)-3896-9500 (Credit Card Customer). Customers may need to pay communication charges to telecom operators for such calls (charges are as set by respective telecom operators).

10. Language

These Terms and Conditions are written in both Chinese and English. In case of discrepancies, the Chinese version shall prevail.

11. CCPA

If you are, or will be, a resident of the U.S. State of California, you have certain rights with respect to your Personal Information under the California Consumer Privacy Act (“CCPA”) as of January 1, 2020. For more information about what this means to you, please click here https://www.citigroup.com/citi/privacy.html.

To access your rights under CCPA, please call U.S. +1 833-399-0014 or click here CCPA non-US Request to print a form and mail to us.