Our goal is to maintain your trust and confidence when handling personal information about you.
Ensuring that we manage your personal information securely and consistently with the Privacy Act 1988 (Cth) is a top priority for all of us at Citi in Australia, which includes Citigroup Pty Limited, Citibank NA (Sydney Branch), and any other Citi entity registered in Australia or Citi entity considered to be ‘doing business in Australia’ (hereinafter referred to as Citi, we, us or our).
This policy is intended to help you understand how we manage the personal information that we collect about you, how you can seek access to and correction of that information and how you can make a complaint relating to our handling of that information.
Unless stated otherwise, this policy is relevant to the personal information of both our current and former customers, as well as other individuals we may deal with (for example, guarantors, directors and shareholders relating to our clients or individuals we deal with in other capacities as part of our business).
For information about our management of your credit-related information, please see our Credit Reporting Policy which contains information about credit reporting, including the credit reporting bodies with which we may share your credit information.
The nature of the personal information we collect and hold, and where it comes from, will vary according to the circumstances in which we are dealing with you (for example, if you are a customer, according to the specific product or service we are providing).
This information may include:
• information we collect from you, persons acting on your behalf, or our affiliates, on applications or other documentation or communications, such as your name, residential and business addresses, telephone numbers, email and other electronic addresses, nationality, tax domicile, associations with politically exposed persons, occupation, employment details, assets, expenses, income, dependents and details about your business dealings and other events in your life;
• information about your transactions and products with us, our affiliates, or third parties, such as account balances, payment history, credit history and details about account activity and product use;
• sensitive information, including health information (for example, health information you provide to us when you acquire insurance products or make a hardship application in connection with a loan);
• Australian or foreign government identifiers such as your ABN, Medicare card number, passport number or pension card number (for example, to verify your identity at the time you request a product or service);
• Australian tax file number, if the collection is needed to support tax reporting to the Australian Tax Office (ATO);
• other details relating to your relationship with us or our affiliates or third parties, including if we deal with you in a capacity other than a customer (for example, information about agreements or other arrangements or transactions you may have with us);
• location information, IP address and any third party sites you access when you visit our websites or mobile apps.
We usually collect your personal information directly from you. However, sometimes we may need to collect personal information about you from affiliates or third parties for the purposes described below. The circumstances in which we may need to do this include, for example, where we need information from a third party to assist us to process an application (such as to verify information you have provided or to assess your circumstances) or to assist us to locate or communicate with you.
Your telephone calls and conversations with a Citi representative may be recorded and monitored for quality, training and verification purposes.
We may hold your personal information in physical form or in electronic form on our systems or the systems of our service providers.
The personal information we hold about you is protected by physical, electronic, and procedural safeguards and we also require our service providers that hold and process such information on our behalf to follow appropriate standards of information security and confidentiality.
In order to satisfy our legal obligations we may need to retain your information even after a transaction has come to an end (subject to our obligations under the Privacy Act).
We train people who work for us on how to handle personal information appropriately and we restrict access to what is necessary for specific job functions.
When personal information is no longer required by Citi and if permitted by law, we will take reasonable steps to de-identify and/or destroy the information in accordance with our internal records management policy.
We will only collect, hold, use and disclose your personal information as reasonably necessary for our business purposes and as permitted by law. These purposes may include:
• processing a product application or service request (including verifying a person's identity for these purposes); (If you have general enquiry questions, you can choose to do this anonymously or use a pseudonym. We might not always be able to interact with you this way as we are often governed by strict regulations that require us to know who we’re interacting with).
• managing our products and services or other relationships and arrangements, including processing receipts, payments, invoices and managing reward programs;
• evaluating and monitoring credit worthiness;
• detecting and preventing fraud and other risks to us and our customers and assessing insurance risks and claims;
• responding to inquiries about applications, accounts or other products, services or arrangements;
• understanding our customers' needs and offering products and services to meet those needs;
• researching and developing our products and services and maintaining and developing our systems and infrastructure (including undertaking testing);
• undertaking securitisation activities and other activities relating to funding and capital requirements;
• allowing our affiliates and selected companies to promote their products and services to customers;
• assessing, processing and investigating insurance risks or claims;
• promotions and events, including competitions and ticket offers;
• dealing with complaints;
• meeting legal and regulatory requirements;
Various Australian and international laws may expressly require us to collect and / or disclose your personal information, or we may need to do so in order to be able to comply with other obligations under those laws. Such laws include:
• any purpose relating to organisations that have, or are wishing to acquire an interest in any part of our business from time to time; and
• enforcing our rights, including undertaking debt collection activities and legal proceedings.
In common with many organisations, we obtain services from other Citi entities and external third-party service providers, some of which may be located outside Australia, and your information may be provided to them for this purpose. We may also need to disclose your personal information to other Citi entities and to third parties for the purposes listed above.
Third parties to whom we disclose your personal information may include:
• our related Citi companies in Australia and overseas;
• sales agents and organisations that carry out functions on our behalf including card schemes, mailing houses, printers and call centre operators;
• legal, settlement and valuation service providers;
• data processing and market research service providers;
• regulatory bodies in Australia and overseas;
• financial and other advisors;
• participants in financial and payment systems, such as banks, credit providers, clearing entities and credit card associations;
• insurers, assessors and underwriters;
• brokers, introducers and other distributors;
• your guarantors and security providers;
• debt collectors;
• providers of loyalty incentives, rewards and other benefits in connection with a Citi account or service;
• other companies that we partner with to provide products and services, and their service providers;
• external dispute resolution schemes (for example, the Australian Financial Complaints Authority);
• organisations that have acquired, or are wishing to acquire an interest in any part of our business from time to time; and
• credit reporting bodies and other information providers. We may disclose your sensitive information for the purposes of assessing or approving a hardship application, and credit reporting bodies for the purposes of reporting if you have a hardship arrangement.
Some of these recipients may be located outside Australia. For more information about which countries your information may be sent to, please click here.
You are entitled under the Privacy Act to access personal information we hold about you, please contact us.
Given the range and diversity of Citi's operations in Australia, to help us locate and provide the information you request, we would ask that you be reasonably specific about the information you require.
We will need to validate the identity of anyone making an access request, to ensure that we do not provide your information to anyone who does not have the right to that information.
Gaining access to your personal information is subject to some exceptions allowed by law. Factors affecting a right to access include where:
• we reasonably believe that access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
• access would have an unreasonable impact on the privacy of others;
• the request for access is frivolous or vexatious;
• the information relates to a commercially sensitive decision-making process;
• access would be unlawful;
• denying access is required or authorised by or under an Australian law or a court / tribunal order;
• access would prejudice enforcement activities or the taking of appropriate action in relation to unlawful activity or serious misconduct;
• the information relates to existing or anticipated legal proceedings between you and Citi and would not be accessible by the process of discovery; or
• the information would prejudice negotiations with you.
There is no charge for making an access request but an administration fee may apply for providing access in accordance with your request. You can contact us using the contact details below. Your request will usually receive a response within 30 days.
We take all reasonable precautions to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date and relevant. However, if you believe that this is not the case in relation to any personal information we hold about you, you have the right under the Privacy Act to request that we correct that information. If you would like to do so please contact us using the contact details below.
If we do not agree with a request to correct information we hold in relation to you we will give you notice in writing as to our reasons and the mechanisms available to you to complain about our decision.
If you have reason to believe that we have not complied with our obligations under the Privacy Act in relation to your personal information, we urge you to first raise this with our Privacy Officer.
There are three ways you can lodge your complaint:
By telephone
Call 1300 308 935 (within Australia) or +61 2 8225 0615 (from overseas) between 9 AM – 5 PM
Monday to Friday (AEST)
In writing
Mail your written complaint to:
Privacy Officer
GPO Box 204, Sydney NSW 2001
By email
Email us at any time at: privacy.officer@citi.com .
We will investigate all complaints and respond to you as soon as practicable. If we find a complaint justified, we will resolve it. If necessary, we will change policies and procedures to maintain our high standards of performance, service and customer care.
For all non-privacy related complaints, please follow Our Complaints Process or contact your respective business representative.
If you are not satisfied with the way your privacy-related complaint is being handled by us after you have been through our internal complaints process, you can also lodge a complaint through the Office of the Australian Information Commissioner if your complaint is about your privacy or how we handled your credit information.
Office of the Australian Information Commissioner
Visit: oaic.gov.au
Email: enquiries@oaic.gov.au
Phone: 1300 363 992
Mail: GPO Box 5218, Sydney NSW 2001
If you wish to find out more information, or raise any specific or general concerns, about Citi and our Privacy Policy and privacy practices, the contact details are as follows:
In writing
Privacy Officer
GPO Box 204, Sydney NSW 2001
By email
Email us at any time privacy.officer@citi.com.
Please do not include account numbers or other sensitive information in emails.
We may change our Privacy Policy from time to time for any reason. If we do, we will publish an updated version on our website at Citi | Australia | Privacy (citigroup.com). This Privacy Policy was last updated 20 December 2023.