Please be advised that this site is not optimized for use with Microsoft Internet Explorer 6.
Our goal is to maintain your trust and confidence when handling personal information about you.
This policy is effective as at 1 June 2022.
Ensuring that we manage your personal information securely and consistently with the Privacy Act
is a top priority for all of us at Citi in Australia, which includes Citigroup Pty Limited, Citibank NA
(Sydney Branch), and any other Citi entity registered in Australia (Citi, we, us, our) .This policy is
intended to help you understand how we manage the personal information that we collect about
you, how you can seek access to and correction of that information and, if necessary, how you can
make a complaint relating to our handling of that information. Unless stated otherwise, this policy is
relevant to the personal information of both our current and former customers, as well as other
individuals we may deal with (for example, guarantors, directors and shareholders relating to our
customers or individuals we deal with in other capacities as part of our business).
For information about our management of your credit-related information, please see our Credit
Reporting Policy which contains information about credit reporting, including the credit reporting
bodies with which we may share your credit information.
The nature of the personal information we collect and hold, and where it comes from, will vary
according to the circumstances in which we are dealing with you (for example, if you are a
customer, according to the specific product or service we are providing). This information may
• information we collect from you, persons acting on your behalf, or our affiliates, on applications
or other documentation or communications, such as your name, residential and business
addresses, telephone numbers, email and other electronic addresses, nationality, tax domicile,
associations with politically exposed persons, occupation, employment details, assets,
expenses, income, dependents and details about your business dealings and other events in
• information about your transactions and products with us, our affiliates, or third parties, such as
account balances, payment history, credit history and details about account activity and
• sensitive information, including health information (for example, health information you provide
to us when you acquire insurance products or make a hardship application in connection with a
• Australian or foreign government identifiers such as your tax file number, ABN, Medicare card
number, passport number or pension card number (for example, to verify your identity at the
time you request a product or service);
• other details relating to your relationship with us or our affiliates or third parties, including if we
deal with you in a capacity other than a customer (for example, information about agreements
or other arrangements or transactions you may have with us).
• location information, IP address and any third party sites you access when you visit our
websites or mobile apps.
We usually collect your personal information directly from you. However, sometimes we may need
to collect personal information about you from affiliates or third parties for the purposes described
below. The circumstances in which we may need to do this include, for example, where we need
information from a third party to assist us to process an application (such as to verify information
you have provided or to assess your circumstances) or to assist us to locate or communicate with
Your telephone calls and conversations with a Citi representative may be recorded and monitored
for quality, training and verification purposes.
We may hold your personal information in physical form or in electronic form on our systems or the
systems of our service providers.
The personal information we hold about you is protected by physical, electronic, and procedural
safeguards and we also require our service providers that hold and process such information on
our behalf to follow appropriate standards of security and confidentiality.
In order to satisfy our legal obligations we may need to retain your information even after a
transaction has come to an end (subject to our obligations under the Privacy Act).
We train people who work for us on how to handle personal information appropriately and we
restrict access to what is necessary for specific job functions
We will only collect, hold, use and disclose your personal information as reasonably necessary for
our business purposes and as permitted by law. These purposes may include:
• processing a product application or service request (including verifying a person's identity for
• managing our products and services or other relationships and arrangements, including
processing receipts, payments, invoices and managing reward programs;
• evaluating and monitoring credit worthiness;
• detecting and preventing fraud and other risks to us and our customers and assessing
insurance risks and claims;
• responding to inquiries about applications, accounts or other products, services or
• understanding our customers' needs and offering products and services to meet those needs;
• researching and developing our products and services and maintaining and developing our
systems and infrastructure (including undertaking testing);
• undertaking securitisation activities and other activities relating to funding and capital
• allowing our affiliates and selected companies to promote their products and services to
• assessing, processing and investigating insurance risks or claims;
• promotions and events, including competitions and ticket offers;
• dealing with complaints;
• meeting legal and regulatory requirements. Various Australian and international laws may
expressly require us to collect and / or disclose your personal information, or we may need to
do so in order to be able to comply with other obligations under those laws. Such laws include
the National Consumer Credit Protection Act (for example, to comply with responsible lending
requirements), the Anti-Money Laundering and Counter-Terrorism Financing Act (for example,
to comply with identity verification requirements), the Personal Property Securities Act and
State and Territory real property and security interests laws (for example, to register and
search for security interests), the Banking Act, the Financial Sector (Collection of Data) Act, the
Corporations Act and other regulatory legislation (for example, requiring us to maintain client
and transaction records, to provide information relating to your deposits and loans to APRA for
prudential and monitoring purposes and to make reports and provide other information to
regulators such as ASIC) and the Taxation Administration Act, the Income Tax Assessment Act
and other taxation laws (for example, to comply with information requests issued by the
Commissioner of Taxation);
• any purpose relating to organisations that have, or are wishing to acquire an interest in any part
of our business from time to time; and
• enforcing our rights, including undertaking debt collection activities and legal proceedings.
In common with many organisations, we obtain services from other Citi entities and external service providers, some of which may be located outside Australia, and your information may be provided to them for this purpose. We may also need to disclose your personal information to other Citi entities and to third parties for the purposes listed above.
Third parties to whom we disclose your personal information may include:
• our related Citi companies in Australia and overseas;
• sales agents and organisations that carry out functions on our behalf including card schemes, mailing houses, printers and call centre operators;
• legal, settlement and valuation service providers;
• data processing and market research service providers;
• regulatory bodies in Australia and overseas;
• financial and other advisors;
• participants in financial and payment systems, such as banks, credit providers, clearing entities and credit card associations;
• insurers, assessors and underwriters;
• brokers, introducers and other distributors;
• your guarantors and security providers;
• debt collectors;
• providers of loyalty incentives, rewards and other benefits in connection with a Citi account or service;
• other companies that we partner with to provide products and services, and their service providers;
• external dispute resolution schemes (for example, the Australian Financial Complaints Authority);
• organisations that have acquired, or are wishing to acquire an interest in any part of our business from time to time; and
• credit reporting bodies and other information providers. We may disclose your sensitive information for the purposes of assessing or approving a hardship application, and credit reporting bodies for the purposes of reporting if you have a hardship arrangement;
Some of these recipients may be located outside Australia. For more information about which countries your information may be sent to, please click here.
You are entitled under the Privacy Act to access personal information we hold about you, please contact us using the contact details below.
Given the range and diversity of Citi's operations in Australia, to help us locate and provide the information you request, we would ask that you be reasonably specific about the information you require.
We will need to validate the identity of anyone making an access request, to ensure that we do not provide your information to anyone who does not have the right to that information.
If you are seeking information on another person's behalf, we will require authorisation from that individual.
Gaining access to your personal information is subject to some exceptions allowed by law. Factors affecting a right to access include where:
• we reasonably believe that access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
• access would have an unreasonable impact on the privacy of others;
• the request for access is frivolous or vexatious;
• the information relates to a commercially sensitive decision making process;
• access would be unlawful;
• denying access is required or authorised by or under an Australian law or a court / tribunal order;
• access would prejudice enforcement activities or the taking of appropriate action in relation to unlawful activity or serious misconduct;
• the information relates to existing or anticipated legal proceedings between you and Citi and would not be accessible by the process of discovery; or
• the information would prejudice negotiations with you.
There is no charge for making an access request but an administration fee may apply for providing access in accordance with your request. Your request will usually receive a response within 30 days.
We take all reasonable precautions to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date and relevant. However, if you believe that this is not the case in relation to any personal information we hold about you, you have the right under the Privacy Act to request that we correct that information. If you would like to do so please contact us using the contact details below.
If we do not agree with a request to correct information we hold in relation to you we will give you notice in writing as to our reasons and the mechanisms available to you to complain about our decision. You may also request us to associate a statement with that information to the effect that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading so that it is apparent to users of the information.
If you are seeking to correct information on another person's behalf, we will require authorisation from that individual.
If you have reason to believe that we have not complied with our obligations under the Privacy Act in relation to your personal information, we urge you to raise this with our Customer Advocacy Unit. There are three ways you can lodge your complaint:
By telephone Call 1300 308 935 (within Australia) or +61 2 8225 0615 (from overseas) between 9 AM – 5 PM
Monday to Friday (AEST).
In writing Mail your written complaint to:
Customer Relations Unit
GPO Box 204, Sydney NSW 2001
We will investigate all complaints and respond to you as soon as practicable. If we find a complaint justified, we will resolve it. If necessary, we will change policies and procedures to maintain our high standards of performance, service and customer care.
If you are not happy with the way your privacy-related complaint is being handled, you can also contact the Privacy Officer using the contact details below.