Privacy Statement and Cookie Policy

Welcome to the website of Citi Service Center Poland (Citi). This site provides information about how Citibank Europe plc Poland Branch looks after and processes your personal data when you visit our site.

Your privacy is our priority. Our goal is to maintain your trust and confidence when processing your personal information. Citi will not disclose or provide any information about you or your usage of the Citi site to any third parties for any purpose without your consent except as set forth in this Privacy Statement and Cookie Policy Statement.


This Privacy Statement explains how Citibank Europe plc, registered seat at Dublin, North Wall Quay 1, Ireland, registered in the Register of Companies in the Republic of Ireland, under the number 132781, conducting its business in the Poland through Citibank Europe plc (publiczna spółka akcyjna) Oddział w Polsce with its registered seat in Warsaw, at Prosta 36 Street, entered into the register of entrepreneurs maintained by the District Court for Warsaw, XII Commercial Division of the National Court Register, under the number KRS 240467, NIP 1080001260  ("we", "Citi", "us", “our”) uses or otherwise processes personal data when you visit our site.

  1. Who is responsible for your personal data and how can you make contact?

Citi is the controller responsible for your personal data. For more details you can contact our Data Protection Officer at or Citigroup Centre, 33 Canada Square, Canary Wharf, London E14 5LB, United Kingdom.

  1. What personal data does Citi process about you?

When using our website solely for informational purposes, if you do not register or otherwise provide us with information, we only collect personal data your browser transmits to our server.

This means data that is technically necessary for the display, stability and security of our website. (Legal Basis Art. 6 (1) (f) GDPR):

• IP address

• Date and time of the request

• Content of the request (concrete page)

• Website from which the request comes

• Browser

• Operating system and its interface

• Language and version of the browser software.

Your IP address serves as a response address for our server, which displays our website according to the above-mentioned data in your browser. This data cannot be assigned to specific people. We will not merge this data with other data sources. Your personal data, which you enter during the use of our service, will not be combined with the data listed here. Complete storage of your IP address is only necessary where required for the traceability of technical errors. The IP address is promptly deleted afterwards.

As a responsible company, we do not use automatic decision-making or profiling.

  1. Why do we process your personal data?

3.1 We process your personal data, as necessary to pursue our legitimate business and other interests, for the following reasons:

a) to respond to your inquiries regarding our services (Art. 6 (1) (b) GDPR);

b) to stay in touch with you if you have provided us with your business card , have contacted us or are in contact with us (Art. 6 (1) (f) GDPR);

c) to collect statistical information about the use of this website and to make the use of our website more user-friendly, effective and secure;

d) for any other purpose that we specifically tell you about when we obtain personal data about you.

3.2 We also process your personal data to comply with laws and regulations. We sometimes may go beyond the strict requirements of the relevant law or regulation, but only as necessary to pursue our legitimate interests in cooperating with our regulators and other authorities.

If we do rely on your consent we will make this clear to you at the time we ask for your consent.

  1. To whom do we disclose your personal data?

Your personal data are made available to our employees in particular in connection with the performance of their employment obligations which require the handling of your personal data, only to the extent that is necessary and in compliance with all security measures. In addition, your personal data is passed on to third parties involved in the processing of data, where appropriate, your personal data may be made available to third parties for other reasons in accordance with the applicable laws.

Prior to a transfer of your personal data to a third party, we will enter into a written agreement with that third party, in which we will outline the processing of personal data so that it contains the same guarantees for the processing of personal data that are in compliance with our legal obligations. We disclose your personal data for the reasons set out in Section 3.

4.1 We are authorized or directly obliged, without your consent, to transfer your personal data:

a) to legal, tax and other advisors or representatives, government and law enforcement authorities and other persons involved in, or contemplating, legal proceedings;

b) to competent regulatory, prosecuting, tax or governmental authorities, courts or other tribunals in any jurisdiction;

c) to other persons where disclosure is required by law.

  1. Where do we transfer your personal data?

We may transfer your personal data to Citi entities, regulatory, prosecuting, tax and governmental authorities, courts and other tribunals, service providers and other business counterparties located in countries outside the European Economic Area (EEA), including countries which have different data protection standards to those which apply in the EEA. Some of these countries are subject to a European Commission adequacy decision. For other countries, we have put in place European Commission-approved standard contractual clauses within Citi or with the relevant third party to protect this personal data. We also rely on other permitted data transfer mechanisms such as relying on the relevant third party’s Privacy Shield certification with respect to the United States of America or third party corporate rules (approved by EU data protection authorities and put in place to protect your personal data).

  1. How long do we keep your personal data?

We keep your personal data for the period of our relationship with you or for the appropriate time after termination of such relationship or agreement, which may be justified in order to defend our legal claims and to protect and enforce our rights, unless otherwise required by specific law or regulation.

  1. Security

We protect your personal data in a manner that ensures the highest possible security preventing any unauthorized or accidental access to, change, destruction or loss of your personal data, unauthorized transmissions and other processing or misuse of your data. We comply with appropriate technical and organizational measures to ensure a level of security that meets all possible risks; all persons who come in contact with your personal data have a duty to maintain confidentiality about information obtained in connection with the processing of such data.

  1. What are your rights in relation to personal data?

You have the right to

(i)                access your personal data;

(ii)               to correct inaccurate or untrue personal data, and ;

(iii)              to seek explanation in the event of a suspicion that the processing of personal data adversely affects the protection of your personal and private life or that your personal data are processed in contradiction with applicable law;

(iv)             demand the remedy of a situation that is contrary to the law, in particular by stopping personal data processing or by correction, completion or removal of your personal data;

(v)              erasure of your personal data if no longer necessary for the purposes for which they were collected or otherwise processed, or if it is discovered that they were processed unlawfully;

(vi)              restriction of the processing of personal data;

(vii)             to data portability;

(viii)            to object after which the processing of your personal data will be terminated unless it can be shown that there are serious legitimate reasons for such processing which prevail over the interests or rights and freedoms of yours, in particular, if the reason is the possible enforcement of legal claims.

We may ask you to verify your identity and to provide other details to help us to respond to your request. These rights will be limited in some situations; for example, where we are required to process your personal data by EU or EU member state law. To exercise these rights or if you have questions about how we process your personal data, please contact us using the contact details in Section 1. We hope that we can satisfy any queries that you may have about the way we process your personal data.

You can also complain to the relevant data protection authorities in the EEA member state where you live or work or where the alleged infringement of data protection law occurred (in Poland please contact the Personal Data Protection Office, with registered address at Stawki 2 Street, Post Code 00-193, Warsaw; email:

  1. Changes to this Privacy Statement

If we change it, to keep you fully aware of our processing of your personal data and related matters, we will post the new version to this website.


As a visitor to this site, you have the opportunity to make choices about how cookies and other personal and technical information which Citi collect and process, including any data that you may provide through this site

  1. 1.       Security of personal information

The security of personal information about you is our priority. We protect this information by maintaining physical, electronic, and procedural safeguards that meet applicable law. We train our employees in the proper handling of personal information. 

  1. 2.       Cookies

Cookies are files which enable the storage of information or access to information already stored on a telecommunications end device of an End-User during or after a visit on webpages, including the webpages of the Citi. Cookies used on webpages of the Citi do not store personal data, they are used, among other things, to remember User preferences or to protect webpages. Some of the functionalities of the Citi's webpages are not available when the User does not permit for the installation of cookies. For example, it will not be possible to send information from certain contact forms.

Information for the Users:

What type of cookies do we use?

(i)       Persistent cookies are files which are stored on the User's device even after leaving the browsed webpage. The aim of storing and accessing such information by the Citi is to remember User preferences during the visit of a User on a given webpage, e.g. saving User name when one is logging in to the transactions service. The purpose of this function is to enable the auto-filling of the User name field on the User's device when the Application is started again. At the same time, the User agrees that such information may be stored on their device. In order to delete the User name, select the saved name and choose the "Delete User" option from the menu.

(ii)     Session cookies are required by the Citi’s website to maintain proper information transfer between the server and the browser, and, thus, to ensure proper display of the contents of the visited webpage and to allow a fully-functional access to its functionalities. The aim of storing and accessing such information by the Citi is to identify a given session (the dialogue between the browser and the server) and the Users communicating with the server at the same time.

(iii)    Third-party cookies, i.e. cookies of third parties with whom the Citi cooperates, enable external companies to store information on the number of visits and the Users' activity on webpages. The aim of storing and accessing such information by the Citi is to collect data on the traffic on webpages. This is not personal data. Companies providing analytical services to the Citi are, for example, Geminus or Google.

  1. 3.       How to block the installation of cookies through the browser's settings?

Most browsers running in default settings allow cookies in order to provide the Users with comfort when accessing a website and to ensure its proper display. If a User does not want to have cookies installed on their telecommunications end device, they can block the installation of cookies by following these steps:

  1. When using Internet Explorer:

click on the main menu, select "Tools/Internet Options", then in the "Privacy" tab click "Advanced" and disable cookies.

  1. When using Mozilla Firefox:

click on the main menu, select "Tools" and then "Options" and adjust the privacy level in the "Privacy" panel.

  1. When using Opera:

click on the main menu, select "Tools" then from the "Preferences" tab select "Advanced" and then "Cookies".

  1. When using Google Chrome:

click on the menu on the right side of the screen, select "Options" then "Show advanced settings" and click on "Cookies".

The above browsers have been presented as examples. Due to a wide variety of browsers used by Users, there may be certain differences in adjusting the setting in such a way which would ensure the blocking of cookies. Usually the information about cookies can be found in the "Tools" or "Options" menu. Detailed information can usually be found on the webpage of the developer of a given browser.