From the 30th August 2019 Canada Square Operations are no longer able to accept any new PPI complaints or PPI Checker requests.
If you wish to contact us you can do so by writing to us at the below address:Canada Square Operations LimitedP O Box 4903WorthingBN99 3AR
Our commitment to you
At Citi our aim is to ensure all of our customers have equal access to our services regardless of their personal circumstances. We are committed to providing customers with various options to help access and easily navigate our website. We offer a range of services for those who have disabilities including sight loss or visual impairment, difficulty with numbers or reading and difficulty with hearing or speech. You can find details of the services available at Help with this site section below.
The categories of Personal Data about you that we Process, subject to applicable law, are as follows:
- Personal Identifiers: your name, gender; date of birth, marital status; Passport or National ID number; (tax identification number(s), nationality; images of passports; a sample of your signature; online authentication information (passwords, mother’s maiden name, challenge/response questions and answers, PINs, facial and voice recognition data); photographs; visual images; and personal appearance and behaviour.
- Family details: names and contact details of family members and dependents or beneficiaries of trusts.
- Business and personal contact details: address; telephone number; email address; and social media profile details.
- Former employment: industry; role; business activities; names of current and former employers; work address; telephone number; work email address; and work-related social media profile details.
- Financial details: billing address; bank account numbers; credit card numbers; cardholder or accountholder name and details; instruction records; transaction details; and counterparty details.
Sensitive Personal Data: We do not archive nor collect protected categories of data. Please note that if you are a US Person we will store your Social Security Number, Drivers License and Passport. In some US jurisdictions these documents are considered sensitive.
Our UK Citi entities, branches, subsidiaries or affiliates, may process your personal information for the reasons set out below.
(a) Where the processing is necessary in relation to a surviving provision of a contract a Divested Business had with you |
|
(b) Where we are required by applicable law |
|
(c) Where necessary for Citi or an identified third party’s legitimate interests (as listed here) |
|
(d) Where you consent and instruct us to perform certain operations |
You can withdraw or revoke consents in this section at any time. However, if we need your consent to process to carry out an operation, we will not be able to perform that operation or provide certain services and we will cease using your data for that purpose, but may continue to process your data for other purposes under lawful grounds such as where we are legally required to keep records of transactions. Withdrawing or revoking your consent will not affect any processing of your information in relation to any operation that has already taken place. |
We safeguard and store information that you provided us directly, and information we learnt about you from our communications and dealings with you. We may have also obtained information about you from others, as set out below.
(a) Our clients | The individual, corporate or institutional client you were associated with (if relevant) in the UK, EU/EEA or outside the EU/EEA. We will have collected your name, company, title and job description and contact details such as email address and telephone number or business address. |
(b) Public sources | Sources both inside and outside the UK and EU/EEA, such as credit reference agencies, fraud prevention agencies, professional background checking entities, international sanctions lists, and publicly available databases or data sources. The information we obtain from credit reference agencies will have included public information such as county court judgments and information from the electoral register. Data we obtain may be shared with Citi Companies and include your name, gender (including any former gender), company, title and job description and contact details such as email address, telephone number and business address, details about your personal or business interests or activities. |
(c) Other sources | Any research agencies that may have carried out research on our behalf both inside the UK and the EU/EEA and outside these territories . |
We do not collect historical information under the legal basis of consent. Please refer to the table in Section 3 for the consequences of not providing consent where it is needed for processing.
We disclose your personal information, as applicable:
- to the bank or financial institution that acquired the divested consumer finance business portfolio and, subject to legal restrictions, to in-country Citi affiliates, for the purpose of winding down a business line and other purposes identified in this Privacy Statement;
- in case of threatened or filed litigation, to our counsel and external advisors;
- in case of substantial business risks and as permitted by applicable law, to our parent and group companies, who may process and exchange personal data with the responsible Citigroup chief trust officer, senior risk officer, compliance officer, tax officer, anti-money laundering officer, fraud officer, audit officer, data protection officer, control officer, Citi leadership team, and Citi managers;
- at the request of any financial institution, payment infrastructure provider, custodian, sub-custodian, fund houses, fund administrators or issuers of securities, in relation to any maturing payment or repayment of a closed (but still active) trust, loan or investment;
- as required in order to establish, exercise or defend or to protect legal proceedings, including in relation to contracts with our clients and in order to protect the rights, property, or safety of us, our business, any Citi entities, our clients or others including to legal, tax or other professional advisors, government and law enforcement authorities, and with other parties involved in, or contemplating, legal proceedings;
- with authorities in any jurisdiction including any government, judicial, or regulatory body of which your Data Controller entity is subject to, in the following cases: (i) if false or inaccurate information was gathered, in case of a criminal or money laundering investigation, (ii) for or in connection with an examination of us by our parent bank or other examiners; (iii) pursuant to subpoena or other legal process; (iv) at the express direction of any other authorised government agency; (v) to our internal or external attorneys or auditors; (vi) to others to whom the Data Controllers are required to make such disclosure by applicable law, including attorneys nominated to represent you under a Lasting Power of Attorney or by the Court of Protection under the Mental Capacity Act 2005.
- we will also disclose your information:
- Without divulging or giving access to your banking or transaction details, to our sub-contractors who we have engaged for storage of your information under strict confidentiality undertakings;
- to any bank, financial institution, law firm or company that processes claims (including class actions) on your behalf, whether contractual or not, arising out of a closed relationship, and to the Credit Management Companies you have given authority to; and
- to third parties providing data services to us, in respect of any claims or queries arising out of, or in relation with, any agreement that existed between you and us, including specifically our processors (a) Equiniti (in the UK) and (b) Tata Consulting Services (TCS) in Singapore and other countries.
We archive your personal and financial data within our European IT network, or when authorised by local regulators, within secured IT virtual servers or private cloud networks and deep archive solutions subcontracted by Citi for electronic and paper records. Please note that only us, and the bank or financial institution that acquired our consumer finance business, and our and their financial and prudential regulators, have legal right to access and audit your personal or financial data.
Due to the nature of electronic communications, data processors store transient copies that are subsequently deleted after the customer data is processed, and there is no mandate to retain it under applicable law.
Personal data processed in connection with a divested consumer finance business is stored during the term in which that account or product (and any transaction under it) remained open or ‘active’. This is followed by a retention period, the length of which is reasonably determined by Citi, taking into account the statute of limitations (the Limitations Act 1980) which establishes timescales for civil liability after contract termination. In most cases, your information is deleted after 7 years from the closure of your account or product at Citi. In document that were witnessed or executed as Deeds, that term is between 10 and 12 years. We will retain voice recordings or electronic communications for shorter periods (instructions for 5 years and transient records are deleted at the end of each calendar year). We dispose of our records, and any personal data that is contained in them, at the end of their corresponding retention period. We may hold on to contractual and personal data if under applicable law, financial or data regulators or a court of law instruct us to save certain data during ongoing investigations or during litigation.
There is no automated decision-making or profiling that can result in legal, or other substantially similar effects, that is undertaken by Citi in connection with retained data from divested consumer business operations.
11.1 You can ask us to: (a) provide a copy of your personal information; (b) correct errors or mistakes in your personal information; (c) erase your personal information after the statutory limitation period has expired (if we have not already disposed of your data); (d) transfer your personal information to other organisations; and (e) restrict processing of your personal information. These rights are limited by law, in particular as this privacy notice relates to the processing of historical data stored in ‘vaults’, certain rights relating deletion or transfer to a designated person may be impossible or involve a disproportionate effort. Citi does not use or share any data relating to divested consumer finance businesses for marketing purposes.
11.2 If you wish to exercise your data rights, or if you have any queries about your personal information, please contact Canada Square Operations Limited using the contact details provided in Section 2.1 of this Privacy Statement. If you have any unresolved concerns, you can reach out to our UK Data Protection Office. You also have the right to complain to the Information Commissioner’s Office and/or the Jersey Office of the Information Commissioner, as detailed in Section 2.
For information on Cookies and Online Identifiers, including Mobile App trackers please refer to the Cookies section on Citi websites.
If we modify this Privacy Statement at any time we will place the modified versions on this website. We encourage you to regularly review this Privacy Statement to ensure that you are always aware of what personal information we collect and how we use, store and disclose.