This Privacy Policy (“Policy”) explains how Citizen Mutual Bank Limited and its affiliates (“Citizen Mutual,” “we,” “us,” or “our”) collect, use, share, and protect personal data about you when you interact with our websites, applications, accounts, services, or integrate with our systems. By using our services, you agree to the terms of this Policy.

1. INFORMATION WE COLLECT

We collect information about you from your interactions with us, from third parties, and from the use of our services.

1.1. Information you provide directly

• Personal identifiers: name, address, email, phone number, previous addresses.
• Financial information: debit or credit card details, transaction history.
• Multimedia: photographs, videos, or audio files.
• Job applications or service submissions.

1.2. Information from your activity

• Transactional data from our banking and financial services.
• Usage information from our websites, apps, and Marketplace integrations.
• Technical data: IP address, device identifiers, operating system, browser type and version, time zone, and login credentials.
• App data: installation, use, and uninstallation information; GPS location where applicable; and cookies (see Cookie Policy).

1.3. Information from third parties

• Marketplace partners and integrated service providers.
• Credit reference agencies, fraud prevention agencies, and other business partners.

1.4. Special category data

Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation, or biometric data (if used for identification).

2. HOW WE USE YOUR INFORMATION

We use your information to operate and improve our banking platform, comply with legal obligations, and provide a secure and personalized experience.

2.1. Operations and services

• Manage accounts, process payments, and provide banking and financial services, including via digital wallets (e.g., Google Pay, Apple Pay).
• Administer Marketplace and integrated services.
• Ensure website and app functionality and optimize user experience.

2.2. Business administration and compliance

• Fraud detection, data analysis, research, staff training, and testing.
• Regulatory compliance, including with financial, tax, and auditing requirements.
• Credit and fraud risk assessments via reference agencies.

2.3. Marketing and communications

Provide information about products or services you request or may be interested in. Use analytics and communication platforms to optimize marketing and service delivery.

2.4. Legal basis for processing

Legitimate interests in providing services, improving operations, and marketing. Performance of contracts with you or third-party service providers. Consent where required, particularly for special category data or marketing communications.

3. WHO WE SHARE YOUR INFORMATION WITH

We may share your information with:

• Affiliates, business partners, suppliers, and service providers.
• Marketplace and professional partners where you choose to integrate or share data.
• Credit reference and fraud prevention agencies.
• Regulators, law enforcement, tax authorities, or as required by law.
• Third-party platforms (e.g., Google Maps APIs) under their respective privacy policies.

Note: Your information may remain publicly available if previously shared on external platforms.

4. AUTOMATED DECISION-MAKING

We do not perform fully automated decisions (including profiling) that have legal or significant effects on you without human review.

5. DATA STORAGE AND TRANSFER

5.1. Storage locations

UK and EEA servers with secure, encrypted storage. Limited staff access to physical and digital data.

5.2. International transfers

Certain third-party services or payment systems may require processing outside the UK or EEA. We implement safeguards to ensure compliance with applicable data protection laws.

5.3. Security

Transmission over the Internet is never 100% secure; however, we use strict procedures to protect your information.

6. YOUR RIGHTS

You may exercise the following rights:

• 6.1. Access: Request information we hold about you via the app or at support@citizenmutual.com.
• 6.2. Rectification: Update incorrect or incomplete information.
• 6.3. Deletion: Request deletion, subject to legal or contractual retention obligations.
• 6.4. Objection or restriction: Object to, withdraw consent, or limit processing.
• 6.5. Data portability: Request a copy of your information for transfer to another controller.
• 6.6. Complaints: Lodge a complaint with the Information Commissioner’s Office (ICO).

7. UPDATES AND CONTACT

7.1. Updates

This Policy may be updated at any time. Changes are effective immediately upon posting on our websites.

7.2. Contact

Email: support@citizenmutual.com

Data controller: Citizen Mutual Bank Limited, 40 Bank Street, London, E14 5NR, United Kingdom

8. DEFINITIONS

Affiliates: Holding and subsidiary companies of Citizen Mutual.

Data protection laws: GDPR (EU 2016/679) or equivalent UK laws.

EEA: European Economic Area. Our websites: www.citizenmutual.com, Citizen Mutual Online Banking, and related sites.