BANKING, CAPITAL MARKETS AND ADVISORY, INCLUDING ISSUER SERVICES, PRIVACY STATEMENT


The General Data Protection Regulation has been introduced across the European Union and European Economic Area (EU/EEA) and came into force on 25 May 2018. This Privacy Statement makes it easier for you to find out how we use and protect your personal information at Citi. We are not changing the way we process your information, but this Privacy Statement provides you with additional information such as:

  • Your increased rights in relation to the information we hold on you;
  • The types of personal information Citi collects about you and how we use it; and
  • The legal grounds on which we use your information.

This Privacy Statement applies to:

  • Citi’s Banking, Capital Markets and Advisory businesses which consist of relationship coverage across Citi’s Institutional Clients Group, mergers and acquisitions, bank lending within Citi’s corporate loan portfolio and corporate broking services and
  • debt and equity capital markets origination and loan origination and syndication, including investment grade loans, investment grade bonds, leveraged loans, high yield bonds, Initial Public Offerings (IPOs), and structured products, such as securitisation; and
  • Citi's Issuer Services businesses which include the following services: agency and trust and depositary receipts.

This Privacy Statement explains how Citi processes personal data about people with whom we come into contact (referred to as “you” in this document) in the course of our dealings with our clients and other relevant persons. These include employees, officers, directors, beneficial owners and other personnel of our clients, service providers, syndicate members and other business counterparties, including our professional advisors and those of our clients (referred to as "Your Organisation" in this document).

1. Who is responsible for your personal data and how can you contact them?

The Citi entities listed at the end of this Privacy Statement (referred to as "we" and "Citi" in this document) are the controllers of your personal data.

For more details you can contact your relationship manager or our Data Protection Officer at dataprotectionofficer@citi.com or writing to Chief Data Privacy Officer (EMEA), Citigroup Centre, 33 Canada Square, Canary Wharf, London E14 5LB, United Kingdom.

2. Why do we process your personal data?

We may process your personal data, as necessary to pursue legitimate business interests in providing services to you or our clients, for the following purposes:

  • to provide products and services to our clients and to communicate with you and/or our clients about them;
  • to manage, administer and improve our business and client and service provider engagements and relationships and for corporate marketing, business development and analysis purposes;
  • to manage our information technology and to ensure the security of our systems;
  • to establish, exercise and/or defend legal claims or rights and to protect, exercise and enforce our rights, property or safety, or to assist our clients or others to do this;
  • to investigate and respond to complaints or incidents relating to us or our business, to maintain service quality and to train staff to deal with complaints and disputes; and
  • for any other purpose that we specifically tell you about when we obtain data about you (or our client tells you about on our behalf).

Where we process your data under the legal basis of legitimate interests, described above, we take in consideration your interests, your fundamental rights or freedoms, and your right to object, taking into account that for fraud prevention, network or information security, a data subject's objection may not be sufficient to override the Data Controller's legitimate interests.

We also process your personal data to comply with laws and regulations and in cooperating with our regulators and other authorities, complying with foreign laws, preventing or detecting financial and other crimes and regulatory breaches, and protecting our businesses and the integrity of the financial markets. This involves processing your personal data for the following reasons:

  • to cooperate with, respond to requests from, and to report transactions and/or other activity to, government, tax or regulatory bodies, financial markets, brokers or other intermediaries or counterparties, courts or other third parties;
  • to monitor and analyse the use of our products and services for risk assessment and control purposes (including detection, prevention and investigation of fraud);
  • to conduct compliance activities such as audit and reporting, assessing and managing risk, maintenance of accounting and tax records, fraud and anti-money laundering (AML) prevention and measures relating to sanctions and anti-terrorism laws and regulations and fighting crime. This includes know your customer (KYC) screening (which involves identity checks and verifying address and contact details), politically exposed persons screening (which involves screening client records against internal and external databases to establish connections to ‘politically exposed persons' (PEPs) as part of client due diligence and on-boarding) and sanctions screening (which involves the screening of clients and their representatives against published sanctions lists); and
  • to record and/or monitor telephone conversations so as to maintain service quality and security, for staff training and fraud monitoring and to deal with complaints, disputes and potential and/or actual criminal activity. To the extent permitted by law, these recordings are our sole property.

If you do not provide information that we request, we may not be able to provide (or continue providing) relevant products or services to, or otherwise do business with, you or Your Organisation.

We do not require consents obtained in any contract with you as our legal basis for processing personal data under EU/EEA data protection laws or under laws which are equivalent to EU/EEA data protection laws.

3. Where does Citi obtain personal data about you?

We process personal data that you provide to us directly or indirectly via our communications and other dealings with you and/or Your Organisation. Your Organisation may also give us some personal data about you. This may include your name, company, title, date of birth and job description, contact details such as your business email address, physical address and telephone number and other information required for legal or regulatory purposes including KYC, AML and/or sanctions checking purposes (e.g., copies of your passport or a specimen of your signature) or for transaction management purposes. We may also obtain some personal data about you from the public domain.

4. To whom do we disclose your personal data?

We may disclose your personal data, for the reasons set out in Section 2, as follows:

  • to Your Organisation in connection with the products and services that we provide to it if Your Organisation is our client, or otherwise in connection with our dealings with Your Organisation;
  • to other Citi entities (this includes the entities referenced at http://www.citigroup.com/citi/about/countrypresence/) for the purpose of managing your or Your Organisation's relationships;
  • to counterparty banks, central banks, payment infrastructure providers and other persons from whom we receive, or to whom we make, payments on Your Organisation's behalf;
  • to brokers, custodians, sub-custodians, fund administrators, fund houses, depositaries, trustees, financial market infrastructure service providers (including settlement service providers, central securities depositories, exchanges, central clearing counterparties and other similar entities) and other persons from whom we receive, or to whom we make, payments on our clients' behalf, in each case to service your or Your Organisation's account and investments;
  • to service providers that provide application processing, fraud monitoring, call centre and/or other customer services, hosting services and other technology and business process outsourcing services;
  • to our professional service providers (e.g., legal advisors, accountants, auditors, insurers and tax advisors);
  • to legal advisors, government and law enforcement authorities and other persons involved in, or contemplating, legal proceedings;
  • to competent regulatory, prosecuting, tax or governmental authorities, courts or other tribunals in any jurisdiction or market, domestic or foreign;
  • to other persons where disclosure is required by law; and
  • to enable products and services to be provided to you, Your Organisation or our clients.
5. Where do we transfer your personal data?

We may transfer your personal data to Citi entities, regulatory, prosecuting, tax and governmental authorities, courts and other tribunals, service providers and other business counterparties located in countries outside the EU/EEA, including countries which have different data protection standards to those which apply in the EU/EEA. This includes transfers of personal data to countries including India and the United States of America. When we transfer your personal data to Citi entities, service providers or other business counterparties in these countries, we will ensure that they protect your personal data in accordance with EU/EEA-approved standard data transfer agreements or other appropriate safeguards.

6. How long do we keep your personal data?

We retain personal data in connection with a financial transaction, followed by a prudential retention period thereafter. The length of this retention period is determined by the legal statute of limitations in the country where the transaction took place or the law governing the contract or transaction.

Telephone recordings or electronic communications that resulted (or may have resulted) in a transaction will be retained and will be available to you from the date of that communication also for the duration of the legal retention period applicable in your country.

7. What are your rights in relation to personal data?

You can ask us to: (i) provide you with a copy of your personal data; (ii) correct your personal data; (iii) erase your personal data; or (iv) restrict our processing of your personal data. You can also opt out of the processing of your personal data for direct marketing purposes or object to our other processing of your personal data. These rights will be limited in some situations; for example, where we are required to process your personal data by EU/EEA or EU/EEA member state law, or the guidelines from our financial or prudential regulators require us to retain your data for a certain period after a transaction is closed.

To exercise these rights or if you have questions about how we process your personal data, please contact us using the contact details of our data protection officer in Section 1.

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with our lead data protection authority (the Information Commissioner's Office) in cross-border transactions, or the relevant data protection authorities in the EU/EEA member state where you live or work or where the alleged infringement of data protection law occurred. Contact details for the Information Commissioner's Office and other relevant data protection authorities can be found here.

8. Changes to this Privacy Statement

This Privacy Statement took effect on 25 May 2018. We will review it regularly, and if we change it, to keep you fully aware of our processing of your personal data and related matters, we will post the new version to this website.

9. Data controllers

The relevant data controllers of your personal data in relation to Citi's Banking, Capital Markets and Advisory businesses and Citi’s Issuer Services businesses are as follows.

Banking, Capital Markets and Advisory businesses: one or more of the following entities:

Head Office

Branches

Citibank Europe plc
1 North Wall Quay
Dublin, 1
Ireland

Citibank Europe plc, Austria Branch
Citibank Europe plc, Belgium Branch
Citibank Europe plc, Bulgaria Branch
Citibank Europe plc, Denmark Branch
Citibank Europe plc, Dublin - Romania Branch
Citibank Europe plc, Finland Branch
Citibank Europe plc, France Branch
Citibank Europe plc, Germany Branch
Citibank Europe plc, Greece Branch
Citibank Europe plc, Hungarian Branch Office
Citibank Europe plc, Netherlands Branch
Citibank Europe plc, Norway Branch
Citibank Europe plc, organizacni slozka
Citibank Europe plc, pobocka zahranicnej banky
Citibank Europe plc, Sucursal em Portugal
Citibank Europe plc, Sucursal en España
Citibank Europe plc, Sweden Branch
Citibank Europe plc, UK Branch

Citigroup Global Markets Limited
Citigroup Centre
Canada Square, Canary Wharf
London E14 5LB
United Kingdom

Citibank, N.A., London Branch
Citigroup Centre
Canada Square, Canary Wharf
London E14 5LB
United Kingdom

Citibank, N.A., Milan Branch
Via dei Mercanti, 12
20121 Milan
Italy

Citigroup Global Markets Europe AG
5th Floor Reuterweg 16
60323 Frankfurt
Germany

Bank Handlowy w Warszawie S.A.
ul. Senatorska 16
00-923 Warsaw
Poland

Citigroup España SA
José Ortega Y Gasset, 29
28006 Madrid
Spain

Dom Maklerski Banku Handlowego S.A.
ul. Senatorska 16
Warsaw, 00-923
Poland

Issuer Services business: one or more of the following entities:

Head Office

Branches

Citibank, N.A., London Branch
Citigroup Centre
Canada Square, Canary Wharf
London E14 5LB
United Kingdom

Citibank Europe plc Germany
Citibank Europe plc Italy

Citigroup Global Markets Europe AG
5th Floor Reuterweg 16
60323 Frankfurt
Germany

Citicorp Trustee Company Limited
Citigroup Centre
Canada Square, Canary Wharf
London E14 5LB
United Kingdom

Citibank Europe plc
1 North Wall Quay
Dublin, 1
Ireland