Terms and Conditions for Citibank Online Banking and Citi Mobile Services and The Personal Information Protection Policy
The Terms and Conditions should be read in conjunction with the Privacy Terms in clause 9.1 hereunder.
1. Important Information
1.1 The Customer can use Citibank Online Banking and Citi Mobile (“Online Banking and Citi Mobile”) to access the Customer’s Account and to receive message from the Bank. The Customer shall read these Terms and Conditions carefully as they govern the Customer’s use of Online Banking and Citi Mobile. The Customer shall keep them with the Customer’s important papers. Before using Citibank Online, it is important that the Customer knows the Customer’s rights and obligations so that the Customer can gain maximum benefit from the services Online Banking and Citi Mobile offers and have at the same time maximum protection for the Customer’s banking transactions.
1.2 The Customer can print out these Terms and Conditions, or download these Terms and Conditions to the Customer’s computer.
1.3 If the Customer has any questions or comments in relation to Online Banking and Citi Mobile, please call our Service Hotline at 95038 / 400-821-1880 / 800-830-1880 (For land lines within mainland China). If the Customer is overseas, please call (+86)-(21)-3896-9500. Charges may apply to the Customer from telecommunication service providers (charging standard for such communication is formulated by the telecommunication service provider).
2. Definitions
2.1 In these Terms and Conditions unless the context requires otherwise:(a) "Access Card" means any Online Banking and Citi Mobile access card authorized by the Bank or bankcard issued by the Bank or other facilities provide by the Bank for use on the Customer’s Account. (b) "Virtual Access Card Number" means the number of an Online banking and Citi Mobile virtual access card authorized by the Bank for use on the Customer’s Account. (c) "Access Service Provider" means any Internet service provider, any commercial online service provider providing connection to the Internet in addition to its own proprietary network, or any telecommunications carrier. (d) "Account" means one account or more of the Customer’s foreign currency remittance, note savings and time deposit accounts, RMB savings and time deposit or any other accounts which may be accessed through Online Banking and Citi Mobile as may be determined by the Bank from time to time. (e) "Account Conditions" means the terms and conditions of the relevant Account which may be accessed through Online Banking and Citi Mobile. (f) "Bank" or "Bank’s" means the specific branch or sub-branch of Citibank (China) Co., Ltd. where the Customer has opened an account, or any of its successors and assigns. (g) "Business Day" means any day the Bank is open for business in China, but does not include any public holiday. (h) "China" means the People's Republic of China, for purpose of these Terms and Conditions, it does not include Hong Kong Special Administrative Zone, Macao Special Administrative Zone and Taiwan. (i) "Online Banking and Citi Mobile" means an electronic service that permits the Customer to access through the Internet the Customer’s account information, receive information and conduct transactions provided by the Bank through the use of a personal computer terminal upon correct input of the Customer’s Identifier / Card Number and Code / PIN. (j) "Code" means information:
(i) the content of which is known to the Customer and any Nominee and is intended to be known only to the Customer and any Nominee or only to the Customer;
(ii) which the Bank requires the Customer and any Nominee to keep secret;
(iii) which the Customer and any Nominee must provide (in any manner) to or through a Device or Electronic Equipment in order to access the Customer’s Account; and
(iv) includes the Customer’s PIN or password.
(k) "Customer", "Customer’s" or "Customer Himself/Herself" means the person in whose name an Account is held, and includes the Customer’s Nominee where applicable. (l) "Device" means a device used with Electronic Equipment to access the Customer’s Account, for example an Access Card (or Virtual Access Card Number, as the case may be). (m) "Electronic Equipment" includes electronic terminals (such as ATM), computer, telephone, mobile phone and any other equipment used for effecting Transactions. (n) "Identifier" means information:
(i) the content of which is known to the Customer and any Nominee but not only to the Customer and any Nominee and which the Customer and any Nominee are not required to keep secret; and
(ii) which the Customer and any Nominee must provide (in any manner) to or through a Device or Electronic Equipment in order to access the Customer’s Account. (An Identifier may be, for example, an account number, an Access Card number (or Virtual Access Card Number, as the case may be), an Access Card expiry date (if applicable)).
(o) "Nominee" means a person who is authorized to effect transactions pursuant to clause 6. (p) "Other Software Provider" means any provider of software and information accessible through Online Banking and Citi Mobile, other than the Bank or any of the Bank’s parent, subsidiary, affiliated or associated companies. (q) "PIN" means the Code in the form of the personal identification number allocated by the Bank to a Customer and can be changed online by the Customer from time to time. (r) "Renminbi" or "RMB" or "¥" means the lawful currency of the People's Republic of China. (s) "Terms and Conditions" means these Terms and Conditions governing the use of Online Banking and Citi Mobile. (t) "Transaction" means any transaction authorized by the Customer or any Nominee which is made by any of the methods, set out in clause 16. (u) "Unauthorized Transaction" means a Transaction which is made without the Customer’s or any Nominee's knowledge, consent or authorization. (v) "OTP" means One Time Password, which is generated instantly by the Bank and sent to the Customer's mobile phone number which is registered by the Customer with the Bank or generated by hardware token registered by the Customer with the Bank. (w) “Applicable Laws” means, in terms of each party, any laws, regulations, rules, directives, guidelines, treaties, judgements, orders or notices issued by any governmental authorities and/or regulators which are binding to such party.
3. General
3.1 The Customer’s use of Online Banking and Citi Mobile is to be governed by these Terms and Conditions, which are to be read together with the Account Conditions for the banking Customer, or with the provisions related to the credit card (including, but not limited to credit card applications, credit card charter and agreement and so on) for the credit card Customer. Where there is any inconsistency between these Terms and Conditions and the Terms and Conditions for Account Products and Services or credit card related provisions, the latter shall prevail, to the extent of any such inconsistency.
4. Accepting Terms and Conditions
4.1 The Customer agrees that first use of Online Banking and Citi Mobile by the Customer or the Customer’s Nominee will constitute agreement by both the Customer himself/herself and the Customer’s Nominee to the Terms and Conditions. The Customer and the Customer’s Nominee agree to use Online Banking and Citi Mobile solely as provided by these Terms and Conditions. The Customer should ensure that both the Customer and the Customer’s Nominee have read and understood these Terms and Conditions.
5. Maintaining the Customer's Accounts
5.1 The Customer agrees to properly maintain and comply with the terms and conditions governing the Customer’s Account.
6. Nominee
6.1 The Bank may (at its discretion) allow an additional person nominated by the Customer (Nominee) to effect Transactions on the Customer’s Account.
6.2 A Nominee will be authorized by the Customer to separately affect Transaction/s. Use of Online Banking and Citi Mobile to affect Transactions on the Customer’s Account by the Nominee is subject to the Terms and Conditions.
6.3 The Customer is responsible for all amounts arising from, or losses incurred by the Bank in connection with transactions being effected on the Customer’s Account by a Nominee (including any in breach of the Terms and Conditions).
6.4 The appointment of a Nominee shall continue until the Bank receives notice in writing from the Customer revoking or altering the appointment.
6.5 The Customer undertakes not to let anyone (other than the Customer’s Nominee) use Online Banking and Citi Mobile.
7. Gaining Access to and Use of Online Banking and Citi Mobile
7.1 The Customer understands that the Customer will gain access to Online Banking and Citi Mobile through the Access Service Provider in the country from where the Customer accesses Online Banking and Citi Mobile, therefore, such access will also be subject to and governed by the relevant laws and regulations of that country and any terms and conditions prescribed by that Access Service Provider.
7.2 The Customer ensures that the material, information and/or photographs/images submitted to and/or uploaded in the Online Banking and Citi Mobile shall be authentic, accurate and complete and shall not violate any Applicable Laws.
7.3 Supply and maintenance of any equipment necessary to enable the Customer to use Online Banking and Citi Mobile (including any hardware and software) and maintenance of an account with an Access Service Provider to enable the Customer to use Online Banking and Citi Mobile, is solely the Customer’s responsibility.
7.4 The Customer must: (a) take reasonable steps to maintain the security of the Customer’s hardware and software; and (b) sign off / log off Online Banking and Citi Mobile before leaving a computer or other handheld device used to access Online Banking and Citi Mobile unattended.
7.5 In order to access Online Banking and Citi Mobile, the Customer needs to key in (when prompted): (a) the Customer’s Identifier / Card Number; and (b) the Customer’s Code / PIN.
7.6 For the transaction security purpose, Customer acknowledges and accepts that the Bank shall be entitled to requests the Customer to use the OTP to access the Bank’s services and conduct the transactions in Online Banking and Citi Mobile.
7.7 The Bank may suspend or terminate the Customer’s or any Nominee's use of Online Banking and Citi Mobile if the Bank reasonably believes that: (a) it was induced by fraud or misrepresentation by the Customer (or any other person) to grant use of Online Banking and Citi Mobile or issue an Access Card (or Virtual Access Card Number, as the case may be) or other Identifier; (b) there has been fraud or misrepresentation with respect to the operation of an Account; or (c) the continued use of Online Banking and Citi Mobile or an Access Card or the Customer’s Account may cause a loss either to the Bank, the Customer himself/herself or a Nominee or will cause the Bank to breach any applicable law.
8. Canceling Online Banking and Citi Mobile Service
8.1 The Customer understands that the Customer has to come to the Bank in person with the Customer’s valid identification documents to apply if the Customer wishes to cancel his/her “Online Banking and Citi Mobile” service. As Citi Mobile is an extension of Citibank Online in terms of channel, customer's cancellation will be applied to both Citibank Online and Citi Mobile at the same time; application to cancel one of the two services is not accepted.
9. The Customer's Privacy
9.1 The Bank will use the Customer’s personal information for the purpose of providing the Customer with Online Banking and Citi Mobile services. The Customer’s personal information may be disclosed to organizations that assist the Bank with the provision of these services. For further information on the Bank's privacy policies, the Customer can: (a) refer to the relevant Account Conditions; or(b) click on the Privacy link of the Online Banking website www.citibank.com.cn; and Citi Mobile.
1) Privacy term link of Online Banking https://www.citibank.com.cn/sim/english/footer/privacy.htm
2) Citi Mobile homepage bottom ‘Privacy Statement’ option.
9.2 The Customer may suspend or terminate a specific service item of the Online Banking and Citi Mobile service by logging on to the Bank site and disabling the relevant service item or contacting a CitiPhone operator and requesting this to be done on the Customer’s behalf. (a) the Customer’s Identifier / Card Number; and (b) the Customer’s Code / PIN.
9.3 On the premise that the Customer grants login device phone number permission, Citi Mobile collects the Customer’s mobile phone number for the purpose to detect fraud activity. The Bank may monitor Transactions and the Customer’s use of Online Banking and Citi Mobile for quality control purposes including for the prevention of fraud.
9.4 The Bank may disclose and/or grant access to any and all information relating to the Customer and the Customer’s Account to the supervisory authorities inside the People's Republic of China, such as the People's Bank of China, China Banking and Insurance Regulatory Commission and the State Administration of Foreign Exchange and their successors, and to the supervisory authorities outside the People's Republic of China where the Customer and the Customer’s Nominee are located according to the laws and regulations of the respective jurisdictions governing disclosure of account information to which the Bank may be subject.
10. Protecting the Customer's Account
10.1 The Customer’s role is extremely important in the prevention of any unauthorized access to the Customer’s Account through Online Banking and Citi Mobile. If the Customer discovers any Unauthorized Transactions, the Customer must immediately call a CitiPhone operator via our Service Hotline at 95038 / 400-821-1880 / 800-830-1880 (For land lines within mainland China). If the Customer is overseas, please call (+86)-(21)-3896-9500. Charges may apply to the Customer from telecommunication service providers (charging standard for such communication is formulated by the telecommunication service provider).
11. Securing the Customer’s Access Card (or Virtual Access Card Number, as the case may be) and Code/PIN
11.1 The security of the Access Card (or Virtual Access Card Number, as the case may be) and Code is very important. If the Customer or any Nominee issued with an Access Card (or Virtual Access Card Number, as the case may be) fails to observe these security requirements the Customer may incur increased liability for any Unauthorized Transactions (see clause 22).
11.2 The Customer and any Nominee issued with an Access Card (or Virtual Access Card Number, as the case may be) must: (a) If the Customer applies for Online Banking and Citi Mobile Services at the same tine when the Customer is completing the formalities for opening an account and if the Bank issues an Access Card, upon the Bank’s request, sign the strip on the reverse side of the Access Card immediately upon receiving it; (b) not tell anyone including family members or friends the Customer’s respective Virtual Access Card Number or Codes; (c) not allow anyone use Customer's Card or password or authentication information; (d) Use care to prevent anyone else seeing the Customer’s Code being entered into an Electronic Equipment or overhearing the Customer’s Code; (e) take reasonable steps to protect the Customer’s Access Card (or Virtual Access Card Number, as the case may be) or Code from loss or theft; and (f) immediately destroy any expired Access Card by cutting it diagonally in half.
11.3 It is recommended that the Customer and any Nominee issued with an Access Card (or Virtual Access Card Number, as the case may be) memorize the Customer’s respective Codes and then destroy any record of them. The Customer and any Nominee MUST NOT: (a) choose a Code which is clearly identified with the Customer or any Nominee (such as birth date, phone number, postcode or car registration number) or which represents a recognizable part of the Customer’s or any Nominee's name; (b) choose a Code which has an easily retrieved combination (such as repeated or consecutive numbers or letters e.g. 1111, 1234, BBBB or BCDE); (c) write or in any way indicate the Customer’s Code on the Customer’s Access Card (if applicable) even if disguised; or (d) keep a record of the Customer’s Code (without making a reasonable attempt to disguise the Code) on any item normally carried with or stored with the Customer’s Access Card (or Virtual Access Card Number, as the case may be) or Identifier, or liable to loss or theft at the same time with the Access Card (or Virtual Access Card Number, as the case may be) or Identifier.
11.4 The following are examples of what is NOT a reasonable attempt to disguise a Code: (a) recording the Code as a telephone number where no other numbers are recorded; (b) recording the Code amongst other numbers or letters with any of them marked to indicate the Code; (c) recording the Code in reverse order; (d) recording the Code as a telephone number or name with the Code in its correct sequence; (e) recording the Code disguised as a date or an amount; or (f) recording the Code in an easily understood form.
11.5 It is strongly recommended that the Customer and any Nominee should not carry the Customer’s respective Codes with the Customer’s respective Access Cards (or Virtual Access Card Number, as the case may be) or Identifiers or record the Customer’s respective Codes elsewhere even if they have been disguised.
11.6 The Customer shall keep his/her mobile phone which the OTP will be sent to (hereinafter the “Registered Mobile Phone”) appropriately. When the Customer updates the Registered Mobile Phone number, the Customer shall register the updated phone number with the Bank by calling Bank’s hotline or getting access to Online Banking or visiting the branches.
12. Lost or Stolen Access Card (or Virtual Access Card Number, as the case may be) or Code/ PIN and Unauthorized Transactions
12.1 When the following situations occur, the Customer or any Nominee must notify the Bank immediately and provide all information as required. Please contact the Bank’s staff via our Service Hotline at 95038 / 400-821-1880 / 800-830-1880 (For land lines within mainland China). If the Customer is overseas, please call (+86)-(21)-3896-9500. Charges may apply to the Customer from telecommunication service providers (charging standard for such communication is formulated by the telecommunication service provider). (a) an Access Card (or Virtual Access Card Number, as the case may be) is lost, stolen or be disclosed to other person; (b) a Code is lost, stolen or disclosed to someone else; (c) a Registered Mobile Phone is lost, stolen or provided to someone else; or (d) The Customer or any Nominee suspects that:
(i) a Code is lost, stolen or has become known by someone else;
(ii) which the Bank requires the Customer and any Nominee to keep secret;
(iii) the Customer’s respective Access Card (or any expired Access Card) (or Virtual Access Card Number, as the case may be), Identifier or Code and OTP has been used to effect an Unauthorized Transaction or has otherwise been misused.
12.2 Upon receipt of notification the Bank will cancel the Access Card (or Virtual Access Card Number, as the case may be) and/or Code, and/or Registered Mobile Phone number and may cancel the Identifier. The Bank will provide the caller with a notification number. A cancelled Access Card (or Virtual Access Card Number, as the case may be) (even if the Access Card (or Virtual Access Card Number, as the case may be) is subsequently found) and/or Code or Identifier or Registered Mobile Phone number should not be used again.
13. Service Availability
13.1 Online Banking and Citi Mobile is available 24 hours a day, 7 days a week. However, some or all of the banking services that may be accessed through Online Banking and Citi Mobile may not be available at certain times due to the maintenance, non-use or malfunction of Online Banking and Citi Mobile. In the event of such unavailability, the Customer can call our Service Hotline at 95038 / 400-821-1880 / 800-830-1880 (For land lines within mainland China), visit the Bank’s branches to conduct the Customer’s banking transactions. If the Customer is overseas, please call (+86)-(21)-3896-9500.
14. Customer Service
14.1 If the Customer needs any assistance with Online Banking and Citi Mobile, the Customer can contact our CitiPhone staff via our Service Hotline at 95038 / 400-821-1880 / 800-830-1880 (For land lines within mainland China). If the Customer is overseas, please call (+86)-(21)-3896-9500.
15. Use of Electronic Mail
15.1 The Customer cannot use electronic messages to initiate or conduct banking transactions on the Customer’s Account. For banking transactions, please use the appropriate functions within Online Banking and Citi Mobile. For banking transactions, please use the appropriate functions within Online Banking and Citi Mobile. The Customer can also call our Service Hotline at 95038 / 400-821-1880 / 800-830-1880 (For land lines within mainland China), visit the Bank’s branches to conduct the Customer’s banking transactions. If the Customer is overseas, please call (+86)-(21)-3896-9500.
16. Online Banking and Citi Mobile Services
16.1 Online Banking and Citi Mobile enables the Customer to have direct access to the Customer’s Account and to effect a number of banking services including without limitation: (a) obtain account balances and transaction history; (b) obtain/enroll/cancel Electronic statement (applicable to Online Banking only); (c) obtain information from the personalized page (applicable to Online Banking only); (d) online fund transfer and payment; (e) Citibank alert services; (f) trade products sold by Citibank through Online Banking and/or Citi Mobile. Customer agrees to pay the service fee according to the Bank’s fee standard effective then. New services may be added from time to time, please get the latest information about the service and transaction scope of Online Banking and Citi Mobile from Citibank website: www.citibank.com.cn and Citi Mobile.
16.2 Online Banking and Citi Mobile enables the Customer to have direct access to the Customer’s Account and to effect a number of credit card services including without limitation: (a) obtain credit card limit and balances and transaction history; (b) obtain/enroll/cancel Electronic statement ; (c) transaction easy payment plan booking and inquiry; (d) statement installment application; (e) Citi rewards, miles inquiry(applicable to Citi Mobile only); (f) Citibank alert services. New services may be added from time to time, please get the latest information about the service and transaction scope of Online Banking and Citi Mobile from Citibank website: www.citibank.com.cn and Citi Mobile.
16.3 According to regulatory requirement, the Bank will set transaction amount/count limit for remote channel transactions(including online banking, mobile banking and phone banking). The Customer should refer to Online Banking Fund Transfer Limit Announcement and the disclaimers for details when the Customer conducts transactions. By accepting this Terms and Conditions, the Customer will accept the transaction amount/count limit. The Customer shall always refer to the Bank website for the latest online fund transfer limit updates.
17. Currency of Information
17.1 Information available through Online Banking and Citi Mobile concerning balances on Accounts may not always be completely up to date, although in most cases should at least reflect the transactions and balances of the Account up to the close of business on the previous Business Day.
18. Errors, Questions or Complaints
18.1 If the Customer has a complaint or believes that an error has occurred in relation to the Customer’s Account, the Customer can contact our CitiPhone staff via our Service Hotline at 95038 / 400-821-1880 / 800-830-1880 (For land lines within mainland China). If the Customer is overseas, please call (+86)-(21)-3896-9500. The customer can also visit the Bank’s branches, find “contact us” on the online banking (www.citibank.com.cn), or send email to consumer.china@citi.com.
18.2 The Customer must then provide written notice to the Bank with sufficient details to enable the Bank to investigate the enquiry. The notice shall include the following information: (a) the Customer’s name, address and number of the Customer’s Account; (b) details of the complaint or error; and (c) any other information requested by the Bank.
18.3 The Customer must comply with reasonable request by the Bank for further information.
19. Proprietary Rights in Online Banking and Citi Mobile
19.1 The Customer acknowledges that all proprietary rights (including without limitation title, patent rights and copyright) in Online Banking and Citi Mobile (including without limitation the Online Banking and Citi Mobile Internet site) shall at all times vest and remain vested in the Bank.
20. No Warranty for the Accuracy of Third Party Information
20.1 Where the Bank provide the Customer through Online Banking and Citi Mobile with any information which the Bank obtains from any third party, the Customer acknowledges and agrees that the Bank does not warrant the accuracy or completeness of any such third party information.
21. Reliance on the Customer's Instructions
21.1 The Bank is entitled to presume, unless proved to the contrary, that the Customer has given any instructions including the Customer’s Identifier (including Card Number), Code (including PIN) and OTP, and that they are valid and binding on the Customer.21.2 The Customer acknowledges and accepts that:(a) the Bank cannot verify by way of signature comparison whether the user of the Customer’s respective Identifiers, Codes and OTP is the Customer or the Customer’s Nominee; and (b) the Customer’s Identifier, Code and OTP allow anybody correctly using them to conduct the type of operations on Accounts for which Online Banking and Citi Mobile provides access.
22. Liability for Unauthorized Transactions
22.1 The Customer or the Customer’s Nominee shall be liable for an Unauthorized Transaction which is resulted from any of the following activities of the Customer or the Customer’s Nominee (including but not limited to):(a) voluntarily disclosing the Code; (b) indicating the Code on the Access Card or Virtual Access Card Number; (c) having the OTP and/or the Registered Mobile Phone lost or stolen and/or voluntarily providing the OTP and/or Registered Mobile Phone to anyone else; (d) keeping a record of the Code (without making any reasonable attempt to disguise the Code) with any article carried with the Access Card (or Virtual Access Card Number, as the case may be) or Identifier; or (e) losing or being stolen at the same time with the Access Card (or Virtual Access Card Number, as the case may be) or Identifier.
23. Limit of the Bank's Liability
23.1 Subject to Clause 23.2, while the Bank undertakes to make reasonable efforts to ensure full performance of Online Banking and Citi Mobile, neither the Bank nor any of the Bank’s parent, subsidiary, affiliated or associated companies are liable to the Customer for any loss or liability of any kind caused by any delay or failure of Online Banking and Citi Mobile to provide information by reason of or in connection with: (a) any malfunctions of personal computer terminal, related facilities, mobile phones and other handheld devices, or other software or hardware belonging to or operated by the Customer and/or the Customer’s Nominee; (b) any failure or delay caused by browser software, computer virus or related problems attributable to services provided by any Access Service Provider or Other Software Providers; (c) the Customer’s access and/or use of Online Banking and Citi Mobile being prohibited, restricted, delayed or affected by:
(i) the laws and regulations of the country from where the Customer accesses Citibank Online and/or the terms and conditions prescribed by the relevant Access Service Provider in such country of access; or (ii) any act or omission by the Access Service Provider; Citi uses remote scanning technologies to detect malware, threats and vulnerabilities that may affect security of our service. We may restrict your access to our website and/or mobile application if such remote scanning detects any signs of suspicious online transactions/activities, potential malware, other online threats or system vulnerabilities.
(d) The Customer relying or acting or failing to act upon any third party information provided by the Bank through Online Banking and Citi Mobile; (e) any delay or failure in any transmission or communication facilities out of the Bank’s reasonable control, but except such delay or failure is directly caused by intentional misconduct or gross negligence of the Bank or any of the Bank’s parent, subsidiary, affiliated or associated companies ; or (f) any other event beyond the Bank’s reasonable control including (but not limited to) situations where the failure or delay is due to restrictions on convertibility or transferability, government requisitions, involuntary transfers, acts of war, civil strife, flood, fire or any other similar causes.
23.2 If the Bank’s Electronic Equipment or the Bank’s electronic system malfunctions, the Bank shall, at its best efforts, take reasonable measures to correct the following errors and prevent further losses: (a) the failure or malfunction is caused by the Customer’s act or omission or the act or omission of any Nominee; or (b) The Customer or any Nominee should have been aware that the Bank’s Electronic Equipment or the Bank’s electronic system was unavailable for use or was malfunctioning.
24. The Customer's Indemnity
24.1 The Customer will be liable for and indemnify the Bank against any loss or damage which the Bank will or may incur because the Customer or the Customer’s Nominee did not observe the Customer’s obligations under these Terms and Conditions or acted negligently or fraudulently or acted in violation of any Applicable Laws when using Online Banking and Citi Mobile.
25. Use of Online Banking and Citi Mobile outside China
25.1 The use of Online Banking and Citi Mobile outside China is subject to: (a) exchange control regulations of the People's Bank of China, China Banking and Insurance Regulatory Commission or the State Administration of Foreign Exchange (as may be applicable) or any fiscal or exchange control requirements operating in the country where the transaction is effected or requested; and (b) the laws and regulations of China and the country where the transaction is effected or requested.
26. Certificate
26.1 A certificate signed by an officer of the Bank: (a) stating any liability to the Bank will be primary evidence of the amount of the Customer’s liability at the date of the certificate, provided that the Customer will remain liable for Transactions which the Bank has not been notified of at that date; or (b) exhibiting microfilm copies of documents, computer print-outs or other documents or records kept in the normal course of the Bank business which relate to the Customer’s Account or to any application for the Customer’s Account, will be primary evidence of the facts contained therein.
27. How Does the Bank Deliver Notices to the Customer
27.1 All notices and other communication which concern Online Banking and Citi Mobile or the Terms and Conditions shall be in writing. The Bank may give the Customer a notice either by: (a) prepaid post to the address last notified. The notice shall be deemed to have been received when it would be received in the ordinary course of the post; (b) personally serving the notice at the address last notified; (c) subject to receiving the Customer’s prior specific consent, delivering it to the Customer by an electronic message to the Customer’s latest e-mail address recorded in which case the notice shall be deemed to have been received immediately; (d) transmitting the notice to the last notified facsimile number. The notice shall be deemed to have been received if the transmission slip records that it was transmitted to that number. (e) sending the notice to ‘My Mail Box’ in Customer’s Online Banking. (f) If any modification to this T&C, the latest T&C version will display to customer through Citibank Online® or Citi Mobile® and customer is required to read and accept the latest T&C. The notice shall be deemed to have been received by the Customer once delivered successfully.
28. How Does the Customer Deliver Notices to the Bank
28.1 All notices to the Bank concerning Online Banking and Citi Mobile or the Terms and Conditions shall be enquired by below email address
General questions related to Citi Online Banking and Citi Mobile Banking can be inquired through the following email address
consumer.china@citi.com or fill and submit the online form of “Email Us”
29. Fees and Charges
29.1 There are currently no service charges or transaction fees for using Online Banking and Citi Mobile. However, the Customer remains liable to pay any fees and charges payable to the Bank in accordance with the Terms and Conditions for Account Products and Services. Information on current interest rates and fees and charges is available on request.
29.2 Items and fees for Online Banking and Citi Mobile will be charged according to the Bank’s fee table effective then.
29.3 The Customer shall pay for all telephone charges incurred in connecting Online Banking and Citi Mobile and any charges from mobile service provider incurred for accessing Internet. The Customer shall also pay for any fees and charges imposed by any Access Service Provider.29.4 The Bank reserves the right to charge the Customer for any national, provisional or municipal government charges, stamp duties or taxes payable as a result of the use of Online Banking and Citi Mobile. Subject to the Terms and Conditions for Account Products and Services, any such government charges, stamp duties and taxes shall be the Customer’s responsibility and the Bank shall debit such charges to the relevant Account if required by law or government.
29.5 There may be separate charges for additional services the Customer requests on Online Banking and Citi Mobile, for example, services of Other Software Providers.
30. Citi Mobile® Biometric Recognition Services
30.1 Definition
Fingerprint Sensor Login Services: It means once customer enable fingerprint ID for Citi Mobile® Login services, she/he can login Citi Mobile® by scanning and authenticating fingerprint ID through the device used.
Device: It means the smartphone customer used to download Citi Mobile® and receive Citibank China’s digital product and services.
Biometric Recognition Character: It means fingerprint character and face character. .
Touch ID: It is a fingerprint recognition feature, designed and released by Apple Inc., and is currently available on iPhone 5s and above version iPhone that have Touch ID function.
Face ID: It is a face recognition feature, designed and released by Apple Inc., and is currently available on iPhone X and above version devices.
.
30.2 Rights and obligations
30.2.1. You acknowledge and accept that if you want to enable Biometric Recognition Login Services, you need to input and authenticate your Fingerprint ID/ Face ID saved in device according to the instruction of Citi Mobile®. After you successfully input or authenticate your fingerprint and pass identity authentication, you can enable Biometric Recognition Login Services.
30.2.2 Your Fingerprint ID/ Face ID character will be saved by the device and its system which you scan and input (Such as smartphone or other hand terminal devices), and Citibank China will not save your Fingerprint ID/ Face ID character.
30.2.3 You acknowledge and accept that before you enable Biometric Recognition Login Services, you already fully understand that you can login Citi Mobile® and access Balance Inquiry and other functions once Fingerprint ID/ Face ID authentication pass (For the functions can be accessed, please refer to Citi Mobile® App page screen).
30.2.4 With the enabling of Biometric Recognition Login Services, your command to Citi Mobile® through Biometric Recognition Login Services will be regard as irrevocable command. And it will be regard as the only command for Citi Mobile® to execute your command of questing login Citi Mobile®. You should take independent responsibility for the result of the command which Citi Mobile® executed according to your Biometric Recognition Login Services action.
30.2.5 You acknowledge and accept that the collection, recognition, authentication, contrast, etc of your fingerprint/face character will be completed by the smartphone and other hand terminal device you used. If any incurred loss due to recognition, contrast, and authentication logic issue of part of smartphone version or hand terminal device (Such as regard other purpose fingerprint as Touch ID Login fingerprint), it should be compromise settled by you and the used smartphone manufacture, and Citibank China will not be responsible for it.
30.2.6 You acknowledge and accept that, in the event of enabling Biometric Recognition Login Services, you should ensure to use your own Fingerprint ID/ Face ID to login your own Citibank China Online Banking or Citi Mobile® account. Otherwise, you should take independent responsibility for the result and loss to you and Citibank China.
30.2.7 Citibank China is with the obligation to make sure Biometric Recognition Login Services normal and valid to guarantee service for you.
30.2.8 Except other definition of the T&C, in the condition of advanced email notification and Citibank China official website notice, Citibank China is with the right to unilaterally terminate Biometric Recognition Login Services without honor liability. The Customer will be liable for and indemnify the Bank against any loss or damage which the Bank will or may incur because the Customer did not observe the Customer’s obligations under these Terms and Conditions or acted negligently or fraudulently when using Citi Mobile® Biometric Recognition Login Services.
30.2.9 Citibank China is with the obligation to provide consultancy services of Biometric Recognition Login Services and introduce the feature and rule through Citibank China official website.
30.2.10Citi, Citi and Arc Design and other marks used herein are service marks of Citigroup Inc. or its affiliates, used and registered throughout the world. Nothing displayed in the application should be interpreted as granting any rights to use or distribute any names, logos, trademarks or service marks without the express written agreement of Citigroup.
30.2.11 iPhone and Touch ID, Face ID are trademarks of Apple Inc., registered in the U.S. and other countries.
31. Citibank China Citi Mobile® App is distributed only through Apple Inc, App Store, Google Inc, Google Player and Citibank China official website (www.citibank.com.cn).
31.1 Customer can access above mentioned platform to download Citi Mobile® App and get Citibank China digital service. Apple Inc, Google Inc, here act as independent platform and provide related technique services. Citi Mobile® App and related service provided by Citibank China. Citibank China will undertake all obligations.
32. Changes in Terms and Conditions
32.1 The Bank reserves the right to change or revise any term hereof from time to time. If the Bank changes or revises these Terms and Conditions, the Bank will notify the Customer. If the Customer fails to request cancellation of Online Banking or Citi Mobile within 30 days after receipt of such notification, it will be deemed that the Customer has consented to and accepted such revised Terms and Conditions and in such circumstance, the Bank is not required to receive the signed acknowledgement from the Customer.
33. Severability
33.1 In the event any or more of the provisions of the Terms and Conditions is for any reason held to be invalid, illegal or unenforceable, the remaining provisions will remain valid and enforceable.
34. Entire Agreement
34.1 The Terms and Conditions constitute the entire understanding between the Bank and the Customer relating to Online Banking and Citi Mobile and supersede all proposals, prior arrangements, oral or written and any other communications between the Bank and the Customer in relation to Online Banking and Citi Mobile.
35. Assignment
35.1 The Bank may at any time assign or transfer any of its rights and/or obligations under these Terms and Conditions to any other entity/person by giving a notice of the assignment or transfer to the Customer. The Customer agrees that the notice of assignment or transfer may be in any written form at the sole discretion of the Bank and no consent or approval from the Customer is required for such assignment or transfer. These Terms and Conditions will continue to be effective against the Customer, and the Customer agrees to be bound and continue to be bound by these Terms and Conditions notwithstanding such assignment or transfer. The Customer may not assign or transfer any of its rights and/or obligations hereunder to any other entity/person without the Bank’s written approval.
36. Governing Law
36.1 These Terms and Conditions shall be governed by and construed in accordance with the laws of the People's Republic of China. The Bank and the Customer expressly agree to submit any dispute arising out of or relating to these Terms and Conditions to the jurisdiction of the courts of Shanghai, China. Any issue relating to any Account or service which the Customer accesses through Online Banking and Citi Mobile shall be governed by the law(s) specified in the agreement for that Account or service.
37. Language
37.1 These Terms and Conditions are written in both Chinese and English. In case of discrepancies, the Chinese version shall prevail.
38. Risk Disclosure
Self Service Fund Transfer function will be opened simultaneously after the customer activates e-Banking services (including without limitation Online Banking and Citi Mobile) Customer using e-Banking services shall acknowledge the risks and be willing to take the risks associated with the transactions conducted via e-Banking services. Customer is responsible for safe keeping his/her computer, mobile phone, other related devices and e- Banking related information appropriately (including online user ID & password; Debit Card & Password, OTP and the account number). Customer shall be liable for all transactions conducted through the e-banking channels accessed by using the above e-banking information.
For more Internet Security Notice, please log on Citibank Online www.citibank.com.cn to view details.
The Personal Information Protection Policy ("This Policy") applies only to retail banking products or services of Citibank (China) Limited (including each and all the branches) ("Citi" or "we").
Last Updated: April 10, 2024
Effective on: April 10, 2024
Please carefully read this Policy and ensure you understand that we will handle your personal information in accordance to the principles of clear purpose, consistency of rights and responsibilities, minimization & necessity and security. If you have any questions, please contact our customer service team for further assistance (customer service hotline: 400-821-1880/95038).
This Policy will help you understand the following:
1. How we collect and use your personal information
2. How we use cookies and similar technologies
3. How we do entrusted processing of, share, transfer, and publicly disclose your personal information
4. How we store and protect your personal information
5. Your rights
6. How we protect the information of children or minors
7. How your personal information is transferred globally
8. How we update this Policy
9. How to contact us
10. Miscellaneous
We understand the importance of personal information to you and will do our utmost to protect your personal information. We are committed to abide by the following principles to protect your personal information: the principle of consistency of rights and responsibilities, the principle of clear purpose, the principle of minimization & necessity, the principle of security, the principle of subject participation, the principle of openness and transparency, etc. At the same time, we promise that we will take appropriate security measures to protect your personal information in accordance with the industry's mature security standards.
Please read and understand this Policy carefully before using our products (or service). For the clauses and personal sensitive information in this policy that we consider to be materially related to your rights and interests, we’ve marked them in bold to draw your special attention.
The terms listed below shall have the meaning designated:
1. Personal information refers to various information recorded electronically or otherwise that can identify a specific natural person or reflect the activity of a particular natural person, either alone or in combination with other information. The personal information involved in this Policy includes: basic information (including personal name, address, family relationship, personal phone number, e-mail address); personal identification information (including ID card, military ID, passport, driving license, etc.); personal biological identification information (facial recognition features, facial images, fingerprints); network identification information (including Citi APP login account number, IP address, email address and related passwords, passwords, and password protection answers); personal property information (bank Account, password, password, transaction and consumption records, flow records, payment and collection records); address book; personal Internet records (including website browsing records, software usage records, and click records); personal common equipment information (including hardware models, equipment MAC address, operating system type, software list, unique device identification code (such as IMEI/android ID/IDFA/OPENUDID/GUID, SIM card IMSI information, etc., including information describing the basic situation of personal commonly used devices); precise positioning information.
2. Personal sensitive information refers to personal information that, once leaked, illegally provided or abused, may endanger personal and property safety, and easily lead to personal reputation, physical and mental health damage, or discriminatory treatment, etc., Personal sensitive information involved in this Policy includes: Your personal identification information (including ID card, military ID, passport, driver's license, etc.); personal biological identification information (facial recognition features, facial images, fingerprints); network identification information (including Citi APP login account, IP Address, email address and the aforementioned passwords, passwords, and password protection answers); personal property information (bank card number, password, password, transaction and consumption records, flow records, payment and collection records); address book; website browsing records; precise positioning information.
1. How we collect and use your personal information
1.1 How we collect your personal information
When you apply to use our services or products, for the purpose of providing you with more precise, personalized and convenient services (including but not limited to, for the purpose of transactions, data processing, statistical studies, taxation, risk analysis, credibility monitoring, risk management and debt collection), and to improve your experience with our services, we will collect varied personal information based on your authorizations.
1.1.1 When you open a bank account with us, apply for a bank card of Citi, use our service to make deposits, process money collection, payment or transfers, apply for the service of credit cards, loans, make purchase of investment product, wealth management product, insurance and other financial products of us, or make an application for appointment with us, you are required to provide us with the following information:
a) Personal identity information, including name, gender, nationality, identity certificate information, telephone number, e-mail, date of birth, address, occupation and marital status. Further information such as your educational background, diplomas, work experience, health status, family member information, U.S. Social Security Number may also be required.
b) Personal property information, including personal income status (e.g., source of income / wealth and etc.), tax residency, taxpayer identification number. Further information such as real properties ownership and investment status (including financial assets and etc.) may also be required.
In addition, when you apply for a loan with us, per the regulatory requirement, we would need to (based on your authorization) collect your following information:
a) Personal credit information, including credit card, loan and other credit transaction information, debt status, relevant information on debt repayment liabilities, civil judgment, compulsory enforcement, administrative penalty and other non-credit transaction information, as well as other information that could reflect personal credit status.
b) Other information relating to the determination of the qualifications for real estate purchases: real estate transaction information, qualification/qualification certificate, property donation record.
1.1.2 When you apply for a credit card (including the face-to-face signing process) with us, we would need to collect your following information based on your authorization:
a) Personal identity information, including name, gender, nationality, ethnicity, identity certificate information, telephone number, email address, date of birth, marital status, address, occupation, diplomas and years of working.
b) Personal property information, including personal income status.
c) Personal biometric information, such as photos and videos.
d) Personal credit information, including the information of credit card, loan and other credit transaction information, debt status, litigation, investigation, penalties and other information that can reflect personal credit status.
e) Other information acquired in establishing or maintaining a business relationship in order to fulfill contractual, legal and/or regulatory compliance obligations, such as: the time and location (including geographic location and internet address) of transaction and service usage, records of correspondence and other types of communications with Citi (including audio and video recordings, call records, communication records and the contents thereof), the IP address used by the customer.
When you use our credit card services (credit card event & points redemption), in order to provide you with credit card events & points redemption related information and/or address amendment service for gift receiving, introduce to you our credit card installment plan and for such other purposes, you are required to further provide us with the following information:
a) The number of your airline or hotel membership card, and the new mailing address designated by you (this address will be conveyed to the third party supplier for shipping purposes).
b) The name and account number of your designated lending bank.
c) The scanned copy of your updated identity certificate and the validity period of the certificate
1.1.3 In order to provide you with mobile banking services and to ensure the security of your account and the service, during the course of your use of the mobile banking services, we will collect information entered by you or generated from your use of the services.
When you activate our mobile banking services through the online self-service channel, per the requirements of laws & regulations and the regulatory bodies, we will collect your basic personal information, identity information, account information, correspondence information, and biometric information, to assist you with the mobile banking registration. If you decline to provide these information, you may not be able to activate the mobile banking services or use the services we provide.
1.1.4 When you use a mobile banking function or service, for example, in the following cases, you would need to provide us with or authorize us to collect the user information required for the service.
a) When you log on to the mobile banking app, we will verify the validity of your online banking user name and password. If you forget your login password and need to reset it, we will need to verify your identity information, including your mobile phone number, identity certificate information, bank card number, ATM cash withdrawal/transaction password. We will also collect device information for hardware binding and login security strengthening. If you do not provide the above information, you will not be able to log in or retrieve your password, but your normal use of functions or services that are available to general visitors (where login is not required) will not be affected.
For mobile phone devices of certain brands or models, you may choose fingerprint/facial recognition and verification method based on biometric information stored locally in your device. Such information is processed by the mobile phone terminals. We do not keep the biometric information stored in your mobile phone terminals. You can turn on/off the fingerprint/facial recognition function through the “my - settings” sector in the mobile banking app.
b) If you bind your mobile phone number for the mobile money transfer function, you would need to go through facial recognition process for identity verification, provide us with your facial image information and authorize us to verify your identity with the public security department. If you do not provide the above information, we will not be able to provide you with products or services where facial recognition is required.
c) When you use your mobile phone number to transfer funds and thus for the first time trigger the address book function, we will seek your consent and we will only retrieve the information of the contact person you have chosen from the address book. The content thereby retrieved will only be used for one-time operation and confined to the local use of mobile phone, which will not be kept by us in the background. The above information is personal sensitive information. If you do not want to use the above-mentioned functions, you may choose not to provide these information, which will not affect your normal use of other mobile banking functions. You may enter the contact’s mobile phone number manually in lieu of using the address book function.
d) When you make money transfers & remittance, you are required to provide information such as the payee's name, bank card number/account number, account-opening bank information and the intended use of transferred funds. In addition, we will also collect relevant transaction records (both collection and payment) for your ease of reference. Where you use the cross-border remittance services, your personal information including the sender’s user name, detailed address, phone number, postal code as well as the payee's name, country and detailed address will be transferred overseas as part of the transaction information. The above information is personal sensitive information, and your refusal to provide such information will only affect your ability to use the above-mentioned functions, but your normal use of other mobile banking functions will not be affected.
In order to simplify your transfers, we will also collect your payee’s name, bank card number/account number and account-opening bank information to form a payees list. You may choose to remove relevant payees from the list.
e) When you use SMS notification and/or message push services, we will collect your mobile number, device information, account information and transaction information so as to promptly notify you of account balance change and relevant transactions. If you do not provide the above information, you will not be able to use such notification and message services.
f) When you open a category II account (also known as Hui-cun account) or a category III account (also known as Hui-hua account), we will verify the mobile phone number registered with us and designated by you to receive SMS verification codes, online banking user name and user password. In accordance with the real-name authentication requirements prescribed by the laws and regulations of the state, we would need to collect information such as your name, certificate number, gender, ethnicity, date of birth, address, validity period of the certificate, photos of both sides of the certificate, portrait information, information of debit card account (under the same name) with other banks, and provide your name, bank account information, certification number and portrait information to the public security department to check and verify your identity against/through the online citizen identity information verification system and the inter-bank information authentication service platform of PBOC.
g) When you apply for a digital certificate, we would need to collect your name, certificate number and your authorization that allows us to send the same to the China Financial Certification Authority for review, information registration and digital certificate downloading.
h) When you use the personal information update service, we will require you to provide e-mail address, mobile number, home number, office number and communication address.
i) To fulfill our legal obligations and regulatory requirements for due diligence and sanctions/anti-money laundering/anti-terrorist financing, during our provision of the account opening and banking services to you, we may need to collect the personal information of your associated Spouse/Parent/Partner/Other third parties (including but not limited to name, birthday, nationality/area, residence, contact number, company name, work experience and source of wealth, etc.) from time to time. Please ensure that the information is true and valid, and is collected, processed and transferred in accordance with applicable laws , and ensure you have obtained the consent of such third parties.
1.1.5 When you use the mobile banking service, to maintain normal operation of the service and ensure transaction security, we will collect your geographic information, electronic device information (including device type, operating system, unique device identifier, log-in IP address, network accessing method/type/status, network quality data, etc.) and operation log information. These information are the basic information required for us to provide service to you and to ensure your normal and secure use of our service.
1.1.6 In order to provide you with better products and services, we would need to collect the following information. If you decline to provide the following information, your normal use of the above basic service will not be affected, but we will not be able to provide you with certain extended functions and services.
a) Advertising and marketing functions
When you participate in promoting activities, we will collect your name, identity certificate number, mobile phone number and communication address for prize distribution. If you decline to provide these information, you will not be able to use the above functions, but your normal use of other mobile banking functions will not be affected.
b) Feedback function
In order to improve user experience, enhance service quality and mitigate risks, we will provide you with safer, more convenient and more personalized services and will therefor collect your feedback/suggestions and information provided thereby, as well as relevant questionnaire feedback.
c) Personalized service
In order to provide you with more precise, personalized and convenient services, improve user experience and enhance service quality, we will collect your feedback and suggestions, the type & mode of the mobile banking functions or services you use and operation information generate thereby, as well as your user information. We will use these information to conduct analysis and profile your user portrait, and provide you with relevant services and products accordingly.
1.1.7 When you use the functions and services of this app, under certain circumstances, we may need to use the software development toolkit or code ("SDK") provided by a qualified third-party service provider to render services to you, where the third-party service provider may need to collect certain information of you, in particular:
SDK |
Scenario |
Personal Information Collected |
Data Receiver |
CFCA SDK |
E-signature for authentication |
System version number, device type, device name, system manufacturer, hardware name, hardware manufacturer, serial number, Android ID |
China Financial Certification Authority |
CFCA SDK |
Identity verification for mobile number payment activation |
Face photo, mobile number, IMEI number, IMSI, device serial number, device ID, call status, device status information |
China Financial Certification Authority |
TMXProfiling
TMXProfilingConnections
TMXDeviceSecurityHealth |
Anti-Fraud |
1. When you use the mobile banking or online banking services, we need to collect the type of the computer operating system, the type of the mobile operating system, login date/time, mobile network IP address and location information, the model and manufacturer information of your mobile phone, whether connected to the mobile network ID, whether connected to the Wi-Fi network ID, the network model, the carrier's name, the mobile network country code, the mobile network code, the width of the device screen, the length of the device screen and whether the device has jailbreaking sign. 2. Transaction Date/Time/Amount (not include customer name, only include customer number internally used in bank) |
Citibank (China) Co., Ltd.’s Parent and Affiliates |
If you choose not to provide the above information, you may not be able to use certain or certain part(s) of service(s), but this will not affect your use of other services provided by us.
1.1.8 In the course of our services, you may need to provide certain device permissions to ensure normal use of our services and for us to maintain the normal operation of our services, improve and optimize service experience and protect your account security. In particular, following device permissions may be required:
a) Location – for fraud detection and information security purpose.
b) Phone Number – to read communication status and internet status of the mobile you are using, for risk control and information security purpose.
c) Facial ID or fingerprint ID verification– for verification and log-in to Citi mobile banking app.
d) Notification –to provide message push service.
e) Address book – help quickly choose the phone number of the payee when using the mobile money transfer function.
f) Camera –help access camera to complete the facial verification process for mobile money transfer.
g) Storage access- to store electronic account statement.
Please note that when you grant these permissions, you authorize us to collect and use the above information to achieve the above functions. You can also choose to disable some or all of the permissions at any time in the device settings. If you cancel the authorization, we will no longer continue to collect your corresponding information, nor will we be able to provide you with the corresponding functions. In different devices, the permission display method and withdrawal method may be different. For details, please refer to the instructions or guidelines of the device and system developer.
For the above services, we may collect your sensitive personal information. The collection of such sensitive information is carried out based on the minimum necessity principle and is necessary for us to provide you with the service. If you refuse to provide such sensitive information, you may not be able to use the corresponding services. We will, in accordance with the requirements of applicable laws, inform you of the processing purpose and method and other contents that need to be informed according to the law,regarding your sensitive personal information collected by us, and seek your separate consent thereof. This Policy has informed you about the processing of sensitive personal information, and your consent to this Policy is deemed as your separate consent to such processing.
1.2 How we use your personal information
1.2.1 We will use the collected personal information in accordance with the provisions of this Policy and to provide or improve the functions of our financial products and/or services.
1.2.2 During the period of services, you authorize us to continuously collect and use your information. When you deregister the services, we will stop collecting personal information related to you, but we may continue to use collected personal information under certain circumstances such as business filing, auditing, regulatory assistance, and fulfilling anti-money laundering and sanctions requirements.
1.2.3 We may use your personal information to provide you with Citi products and services that may be of interest to you.
1.2.4 In order to enhance your experience with our products or services, or for risk prevention purpose, we will summarize, analyze and process the usage statistics of services. However, such information will not contain any personal identifying information about you.
1.2.5 If we use the information for other purposes which are not stated in this Policy, we will seek your consent in advance.
1.2.6 If we use the information collected for a specific purpose for other purposes, we will seek your consent in advance.
1.2.7 After collecting your personal information, we will use technical means to de-identify or anonymize your information so that your identity will not be recognized through such information.
1.3 Exceptions
In accordance with the relevant laws, regulatory requirements and national standards, we may process (including collecting, storing, using, processing , transmitting , providing, disclosing, deleting, etc.) your personal information without seeking your separate consent or consent in any of the following circumstances:
1.3.1 Necessary for the Bank to perform its statutory duties or obligations;
1.3.2 Directly related to national security or national defense security;
1.3.3 Necessary to respond to public health emergencies, or to protect the life, health and property safety of natural persons in emergencies;
1.3.4 Directly related to criminal investigation, prosecution, judicial trial, enforcement of judgment and etc.;
1.3.5 Collect or use personal information that has been willingly disclosed to the public by you;
1.3.6 Collect or use personal information received & generated from legally and publicly disclosed information, such as legitimate news reports, government information publication or other channels;
1.3.7 Necessary for entering into and performing contract(s) according to your instructions;
1.3.8 Necessary for maintaining secure and stable operation of our products or services, such as to detect, handle fraud in or misappropriation of the products and services.
2. How we use cookies and similar technologies
2.1 Cookie
To ensure the proper operation of online banking and mobile banking, we store pieces of information called Cookie in your computer or mobile device. Cookies usually contain an identifier, a site name, and some numbers and characters. With the help of cookies, data such as your preferences could be stored.
We do not use cookies for any purpose other than those stated in this Policy. You can manage or delete cookies based on your preferences. Please refer to the link http://optout.networkadvertising.org/ for more information. However, if you decide to delete certain cookies stored on your computer or mobile device, your site experience may be degraded and you may not be able to use some of online features, especially the security and fraud monitoring features of cookies.
2.2 Website beacons and pixel tags
In addition to cookies, we may use similar technology as beacons and pixel tags in online banking or mobile banking to collect your browser, mobile devices and other information such as web browsing time, pages visited, language preferences, and other interacting data from Citigroup sites. This part of data may be associated with your terminal device information (e.g. IP address, installation fonts, language and browser settings, time zone, and etc.) to facilitate our understanding on your preference of Citi products or services and improve our customer service.
2.3 Do Not Track
Many website browsers provide a Do Not Track function that can send a signal to the websites you visit to indicate you do not wish to be tracked. Up to now, major Internet standardization organizations have not established policies to specify how websites should handle these requests. However, if you enable Do Not Track in your browser, all our websites will respect your selection.
3. How we do entrusted processing of, share, transfer, and publicly disclose your personal information.
3.1 Entrusted processing
Certain modules or functions in our business function are provided by third-party suppliers. For example, we may engage service providers to assist us in providing customer support. The entrusted activity will not exceed the scope of the agreed processing purpose or method.
For the third party entrusted by our bank, we will carry out the personal information security impact assessment and sign a contract with the third party, requiring the third party to process your personal information in accordance with laws and regulations, this policy and other confidentiality and security requirements of our bank, and supervise the third party. Once it is found that the third party fails to process personal information in accordance with the entrusted requirements, or fails to effectively fulfill the responsibility of personal information security protection, we will take or request the third party to take effective remedial measures to control or eliminate the security risks faced by personal information. When necessary, we will terminate the business relationship with the third party and require the third party to delete the personal information obtained from us in a timely manner.
When required by applicable laws and regulations, regarding our provision of your personal information to third parties, we will inform you of the relevant matters including the name and contact information of the personal information recipient, the processing purpose, processing method and type of personal information, and obtain your separate consent thereof.
3.2 Sharing
We do not share your personal information with any company, organization or individuals, with the following exceptions:
3.2.1 Share upon your explicit consent: We will share your personal information with other parties after obtaining your explicit consent.
3.2.2 We may share your personal information to comply with laws and regulations or mandatory requirements from governmental authorities.
3.2.3 We may share your personal information with third-party for the following purposes:
a) Sharing with our affiliates.
However, we will only share necessary personal information and the related parties will be bound by the stated purpose in this Policy. If our affiliates want to change the purpose of processing personal information, they will again seek your authorization and consent.
b) Sharing with our partners and third parties.
We may disclose your personal information to suppliers and other partners who support our business to ensure the smooth completion of the services provided to you. However, we will only share your personal information for legal, legitimate, necessary, specific, and clear purposes, and will only share personal information necessary to provide services. Our partners have no right to use the shared personal information for any other purpose.
Our authorized partners mainly include:
Our suppliers, service providers and other partners. We will be required to disclose your login, account or transaction information (including name, ID number, personal image, geographic location, mobile phone number, bank card number, sender’s name, payee’s name, remittance account number, name of the remitting bank, business office of the remitting bank, receiving account number, the name of the receiving bank, business office of the receiving bank, transfer method, transferred amount, transfer time, agreed transfer intervals, transaction notes, processing status and transfer date) to those suppliers, service providers and other partners that support our business, such as providing us with technical infrastructure services, risk control services, identity verification services, customer services, transfer services, payment convenience, joint promotion activities, etc.
If we share your personal information with above third-party(ies), we will, in the form of a written agreement, request them to process the above information in accordance with applicable laws, regulations, personal information protection or privacy policy(ies) and other confidentiality and security requirements to safeguard your information security.
3.3 Transfer
We will not transfer your personal information to any company, organization or individuals except in the following cases:
3.3.1 After obtaining your consent.
3.3.2 In the case of mergers, acquisitions or bankruptcy liquidation, if it involves transfer of personal information, we will request the new company or organization, which holds your personal information, to be bound by this Policy. Otherwise we will ask the new company or organization to resolicit your authorization.
3.4 Public disclosure
We will only publicly disclose your personal information under the following circumstances:
3.4.1 Obtain your separate consent in advance;
3.4.2 Disclosure based on law: We may publicly disclose your personal information in the event of mandatory requirement of legal, legal procedure, litigation or governmental agencies.
4. How we store and protect your personal information
4.1 Storage
We will only retain your personal information within the minimum period required by laws and regulations or for the implementation of the anti-money laundering and sanction rules, and within the minimum period necessary for achieving the aim stated in this Policy. Upon expiration of the retention period, we will delete or anonymize your information.
4.2 Protection
4.2.1 We have used industry-standard security measures to protect the personal information you provide to prevent unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible action to protect your personal information. For example, when you exchange data (such as credit card information) between your browser and the "service", you are protected by SSL encryption; in the meantime, we also provide https secure browsing for Citi website; we use encryption to ensure data confidentiality; we will use trusted protection mechanisms to protect against malicious attacks; we deploy access control mechanisms to ensure that only authorized personnel have access to personal information; and we conduct security and privacy protection training courses to enhance employee awareness of the importance of protecting personal information.
4.2.2 We have established special management systems, procedures and organizations to ensure the security of information. We strictly limit the scope of persons who can access the information, require them to undertake confidentiality obligations, and. conduct audits.
4.2.3 The Internet is not an absolutely secure environment. Besides, email, instant message, and communication with other Citi users are not encrypted. We strongly recommend you not to send personal information in this way. Please use complex passwords to help us keep your account secure.
4.2.4 The Internet environment is not 100% secure, and we will do our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or administrative protection is damaged, which results in unauthorized access, public disclosure, alteration, or destruction of information and further impairs your legitimate right, we would undertake corresponding legal liabilities.
4.2.5 In accordance with the requirements of laws and regulations, in the occurrence of any personal information security incident (including information loss, damage, leakage, tampering and etc.), we will promptly notify you of the following in accordance with laws and regulations: basic information about the security incident and its potential impact, treatment measures we have taken or will take, suggestions about proactive defense and risk mitigation, remedial measures and etc. We will promptly let you know relevant situations of the incident by means of mail, letter, phone call, push notification and etc. We will issue announcement in a reasonable and effective manner when having difficulty in reaching out to each personal information subject.
Meanwhile, we will also report the handling status of personal information security incidents as required by regulatory authorities.
5. Your rights
In accordance with China's relevant laws, regulations, standards, and the common practice of other countries and regions, we guarantee you the following rights of your personal information:
5.1 Access or obtain your personal information
You are authorized to access or obtain your personal information, except for some circumstances stipulated by law and regulations. You could, after identity verification, exercise your right of data access or obtainment through the following methods:
Account Information - If you want to access, obtain or edit your profile information and payment information, change your password, add security information or close your account, you can visit Citibank Online Banking at www.citibank.com.cn; Citi Mobile Banking to perform such actions.
If you are unable to access or obtain your personal information via the link above, you can always contact us by using the “Contact Us” web form on Citi’s official website at www.citibank.com.cn, or call us at our customer service hotline 400-821-1880/95038, or sending an email to consumer.china@citi.com. We will respond to your request within 15 business days.
We will provide you with other personal information generated during the course of your use of our products and services so long as it is within our scope of services.
5.2 Correct your personal information
When you identify any error in your personal information by our process, you are entitled to require us to make the correction. You can raise a correction application by using the methods listed in "(1) Access to your personal information". If you are unable to correct your personal information through the link above, you can always contact us by using the “Contact Us” web form on Citi’s official website at www.citibank.com.cn or sending an email to consumer.china@citi.com. We will respond to your request within 15 business days.
5.3 Delete your personal information
Under the following circumstances, you can request us to delete your personal information:
5.3.1 If our processing of personal information violates any law or regulation
5.3.2 If we collect or use your personal information without your consent, or if you withdraw your consent
5.3.3 If our processing of personal information breaches our agreement with you.
5.3.4 If you no longer use our products or services, or you cancel your account
5.3.5 If we no longer provide products or services to you
Where the storage period stipulated by law or administrative regulation has not expired, or deletion of personal information is technically hard to accomplish, we will cease the processing of personal information other than storing and taking necessary security protection measures for such information. We will respond to your request of deletion in accordance with applicable laws or regulations, we will also notify the entity(ies) which obtained your personal information from us and request them to delete such information in a timely manner, unless otherwise stipulated under laws or regulations, or if these entity(ies) has(have) obtained your separate authorization.
5.4 Change your authorization scope
Each business function requires certain basic personal information to be provided (please refer to "Part 1" of this Policy). You could grant or withdraw your authorization & consent at any time for the collection and use of the additionally collected personal information.
You can change the authorization scope by yourself in the following ways:
Citi Service Hotlines: Domestic customers please call 400-821-1880/95038. Overseas customers please call (+86)-(20)-3880-1267 (Retail Banking Customer) or (+86)-(21)-3896-9500 (Credit Card Customer).
When you withdraw your consent, we will no longer process your corresponding personal information. However, this decision to withdraw your authorization will not affect personal information processing upon your previous authorization.
If you do not wish to receive commercial advertisements we deliver, you can cancel at any time by:
SMS: Replying with TD
Mail: Replying directly to this message and change the subject to "Unsubscribe". We will process your request within 10 business days. Please understand that you are still likely to receive emails from us during this period. Please kindly note that you could not send new emails to this email address as this type of request cannot be processed.
5.5 Account Cancellatione
How Citibank China app features can be discontinued:
All the Citibank China app feature enrollments can only be enabled on a single device at any given time for your security.
Theses settings are automatically transferred to the new device, when you install & authenticate yourself on Citibank China app on new device.
To discontinue usage of the app, you can uninstall the app and continue accessing Citibank Online Via our website. (Learn more on Citibank China app features)
You can cancel your previously registered accounts at any time, you can do it by yourself in the following ways:
For debit card customers who wish to cancel online banking and mobile banking, they should visit branch/sub-branch in person and fill out the Debit Card Business Application Form. For credit card customers, they can call Citi Service Hotline to cancel online banking and mobile banking.
After account cancellation, we will stop providing you our products or services, and will delete your personal information per your requirements, unless otherwise stipulated by laws and regulations.
5.6 Constraints of automatic decision making from information systems
In certain business functions, we may make decisions solely based on non-manual automatic decision mechanisms including information systems and algorithms. If these decisions significantly affect your legitimate interests, you have the right to ask for explanation and we will provide appropriate remedies.
5.7 Transfer your personal information
According to the provisions of relevant laws and regulations, you can request our bank to transfer your personal information to your designated third party. If the transfer meets the conditions set by the State cybersecurity department, we will provide you with the channel for such transfer.
5.8 Responding to your above request
In order to ensure the security, you may need to provide a written request or other supporting to verify your identity. We may ask you to verify your identity before processing your request. We will respond to you within 15 business days.
If you are unsatisfied with services, you can also make complaints through the following channels.
Calling 400-821-1880/95038 or consumer.china@citi.com or filling out and submitting the "Email Us" form online.
In principle, we do not charge for your reasonable request, however, for those repetitive, beyond reasonable requests, we may charge a fee as the case may be. For those unreasonably repetitive requests which need too excessive technical means (for example, need to develop new systems or fundamentally change existing practices), pose risks to others’ legal rights, or are very impractical (for example, involving information stored on backup tapes), we may reject such requests.
In the following situations, we will not be able to respond to your request as required by law or regulation:
5.8.1 Directly related to national security and national defense security.
5.8.2 Directly related to public safety, public health, or significant public interests.
5.8.3 Directly related to criminal investigation, prosecution, judicial trial, enforcement of judgment and etc.
5.8.4 There is sufficient evidence that you have subjective malice or abuse of rights.
5.8.5 Respond to your request which may result in serious damage to the legitimate rights and interests of you or other individuals or organizations.
5.8.6 Involve our trade secrets.
5.8.7 For compliance with the regulations of anti-money laundering or sanctions.
This policy does not limit your other rights as an information subject under applicable laws and regulations.
6. How we protect the information of children or minors
Our products, services and websites are primarily for adults. Children and minors cannot create their own accounts without the consent of their parents or guardians.
If you are a child/minor, please read these terms carefully and only use our services or provide information to us upon your guardian's consent. If you are guardian of child/minor, please read these terms carefully and confirm whether you agree to use our services or provide information to us. You shall confirm that your child uses our services with your consent and knowledge. We will only collect, use, retain and disclose your information to the extent allowed by laws & regulations and regulatory requirements, explicitly consented by your guardians or necessary for the protection of the interests of children/minors.
Besides, we are well aware of the importance of personal information to children/minors and their guardians, and thank children/minors and their guardians for their trust in us.
In Chapter '1. How we collect and use your personal information' of this Policy, in combination with specific services, we explain in detail that user need to agree with the type and the use of the information we collect and the consequences of refusing consent. These information may involve information about children/minors, we will collect corresponding personal information of the children/minors in accordance with the following agreement, and obtain the consent of the guardians:
1、When we provide insurance service to you and the insured is a child/minor, we need you to authorize us (an insurance agency) to collect the following personal information of the child/minor for the purpose of providing insurance service, and agree us to disclose it to insurance companies for underwriting. If you do not agree to provide the following information, we may not be able to provide the insurance service to you. Due to differences in the type of insurance, amount of products, etc., information collected by authorization includes but is not limited to the following information:
• Children/Minors personally identifiable information, relationship information, etc.
• Children/Minors health information
• Other relevant information required by the insurance company that insures this type of insurance, such as past insurance application, refusal of insurance, extension of underwriting information, etc.
2、When we provide home loan service to you and there are children/minors in your family, we need to collect personal identification information of the children/minors (including personal name, identity certificate information), information in respect of house-purchase eligibility recognition (e.g. number of real estate units under the name, property donation, etc.), if you do not agree to provide the aforementioned information, we may not be able to provide the home loan application service to you.
When we want to use the information of children/minors for other purposes not specified in this chapter, we will obtain the consent of the guardians again in accordance with the requirements of laws, regulations and regulatory requirements.
We will store, use and protect the information of children/minors in accordance with the stipulations of this Policy. We have designated a special-assigned person to be responsible for the protection of children's/minors' information, strictly set information access rights, and adopted the principle of least-sufficient authorization for staff who may have access to children’s/minors’ information.
We promise to keep children's/minors' information strictly confidential, and only provide these information to external parties under the stipulations of ‘Chapter 3. How we do entrusted processing of, share, transfer, and publicly disclose your personal information’ in this Policy. If it is necessary to share children’s/minors’ information with a third party in order to provide services to you, we will evaluate the legality, legitimacy and necessity of the third party's collection of children’s/minors’ information. We will request third parties to take protective measures for the information of children/minors and strictly abide by relevant laws, regulations and regulatory requirements. In addition, we will obtain the consent of the guardian of the child/minor in accordance with the requirements of laws, regulations and national standards, or confirm that the third party has obtained the consent of the guardian of the child/minor.
For the purposes of this Policy, "children" in this chapter refers to natural persons under the age of fourteen, and "minors" refer to natural persons over the age of 14 but under the age of 18..
7. How your personal information is transferred globally
In principle, the personal information we collect and generate within the territory of the People's Republic of China will be stored in the territory of the People's Republic of China.
Since we provide products or services through resources and servers across the world, which means that to the extent permitted by regulatory rules and applicable laws, and upon your authorization and consent, your personal information may be transferred to the foreign jurisdiction of the country in which you use the product or service, or be accessed from these jurisdictions. In order to process cross-border business, upon your consent, your personal information including the sender's user name, detailed address information, phone number, postal code, as well as the payee's name, country, and detailed address information, will be transferred overseas as part of the transaction information.
Please refer to the ‘Personal Information Cross-Border Transfer List’ attached herein for the names and, contact information of the overseas receipts, the type of the outbound transferred data and the processing, methods and purposes.
Such jurisdictions may have different data protection laws or even don’t have relevant laws. In such cases, we will ensure that your personal information is adequately protected within the territory of the People's Republic of China. For example, we will ask you for permission to transfer personal information across borders or to implement security measures such as data de-identification before cross-border data transfers.Regarding the exercise of your relevant rights, please contact us through the methods listed in the Personal Information Cross-Border Transfer List.
8. How we update this Policy
We may change this Policy from time to time.
We will not undermine your rights entitled under this Policy without your explicit consent. We will post any changes and revisions of this Policy on this page.
For significant changes, we also provide more noticeable notices (including for certain services, we will send a notification via email stating the specific changes to this Policy).
Significant changes referred hereunder include but not limited to:
(1) Major changes in our service model, such as changes in relations to the purpose of processing personal information, the type of personal information processed, the way in which personal information is used, etc.
(2) Changes in the main objects of personal information sharing, transfer or public disclosure.
(3) Major changes in your rights to participate in the processing of personal information and the way of you exercising such rights.
(4) Changes in the department, contact information and complaint channels responsible for personal information security.
(5) Personal information security impact assessment report indicates that there is a high risk.
We will also archive the previous versions of this Policy for your reference.
Whenever this Policy is updated, we will notify you to review and confirm it when you log in to Citi Mobile Banking app. If you do not agree to the new terms and conditions, please stop using our services and products.
If you only use the online banking services, if there is any update to this Policy, the updated content will be publicized through our bank’s official website (www.citibank.com.cn), and will become effective upon publication and supersede the previous relevant content. Please pay attention to changes in relevant announcements, reminders, agreements, rules and other related content from time to time. Please be aware and confirm that, if you do not agree with the updated terms and conditions, please stop using our services and products; if you continue to use our services and products, it is deemed that you agree to accept the updated terms and conditions.
9. How to contact us
If you have any questions, comments or suggestions about this Policy, or require to access, update, rectify, delete or withdraw your personal information, please contact us by the following means:
Company name:Citibank (China) Co., Ltd.
Location:30F, Citigroup Tower, No.33 Hua Yuan Shi Qiao Road, Lu Jia Zui Finance and Trade Area, Shanghai, China
Postcode: 200120
Email Address: consumer.china@citi.com
Phone number: Domestic customers please call 400-821-1880/ 95038. Overseas customers please call (+86)-(20)-3880-1267 (Retail Banking Customer) or (+86)-(21)-3896-9500 (Credit Card Customer).Customers may need to pay communication charges to telecom carriers for such calls (charges are as set by respective telecom carriers). All customers can visit the branch to make specific requirements.
We will reply within about 15 working days after receiving your request, up to 30 days or a shorter period (if any) stipulated by laws and regulations. For your aforementioned reasonable request for personal information, we will not charge you in principle. However, for repeated requests that exceed reasonable limits, we will charge a certain cost according to the circumstances within the scope permitted by laws and regulations.
If you believe that our personal information processing behavior damage your legitimate rights and interests, you have the right to seek solution through the people's court or regulatory agencies.
10. Miscellaneous
If you are, or will be, a resident of the U.S. State of California, you have certain rights with respect to your Personal Information under the California Privacy Rights Act ("CPRA") as of January 1, 2023. For more information about what this means to you, please click here https://www.citigroup.com/citi/privacy.html.
To access your rights under CPRA, please call U.S. +1-833-981-0270 or click here CPRA non-US Request to print a form and mail to us.
The laws of the P.R.C. shall apply to the establishment, effectiveness, performance, interpretation and dispute resolution of these terms and conditions.
Matters not covered in this Policy shall be handled in accordance with applicable laws and regulations, our relevant business rules and prevailing financial business practices.
These terms and conditions are written in both Chinese and English. In case of discrepancies, the Chinese version shall prevail.
Personal Information Cross-Border Transfer List
Information Recipient |
Contact Information |
(Data) Processing Purpose |
(Data) Processing Method |
Type of Personal Information |
Method and Procedure to Exercise Rights |
Citibank (China) Co., Ltd.’s Parent and Affiliates |
consumer.china@citi.com
|
process and risk control management of the cross-border transaction business
|
collection, storage, use, processing, transmission, provision, and deletion |
customer’s basic information, contact details and transaction information |
If you need the specific names of the Recipients or have any questions, please contact us at consumer.china@citi.com
|
process and risk control management of the Credit Risk Management |
collection, storage, use, processing, transmission, provision, and deletion |
customer’s basic information, contact details and transaction information |
credit card points redemption |
collection, storage, use, transmission, provision, and deletion |
customer’s name, customer airline/hotel membership number |
internal management of event marketing |
collection, storage, use, transmission, provision and deletion |
customer’s name |
management of customer experience |
collection, storage, provision, and deletion |
customer’s basic information and transaction information |
provision of custodian services |
collection, storage, use, processing, transmission, provision, and deletion |
customer’s basic information and transaction information |
provision of e CitiAlerts services |
collection, storage, use, transmission, provision, and deletion |
customer’s contact details and transaction information |
conducting due diligence |
collection, storage, use, processing, transmission, provision, and deletion |
customer’s basic information, contact details and transaction information |
E-banking business risk management |
collection, storage, use, transmission, provision, and deletion |
customer’s device information, login information and transaction information |
technical support |
collection, storage, and deletion |
information listed in this chart |
disaster recovery |
collection, storage, and deletion |
information listed in this chart |