We comply with the privacy and data protection laws of the United Kingdom Government (Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679), which are among the world's toughest.
1. Our Collection of your Personal Data
The information we collect may include your name (first and last name), photo, a copy of document(s) confirming your identity, gender, address, email address, phone number, mobile number, login credentials, transaction information, IP address, product and service selections and other things that identify you. We collect personal data from you at several different points, including but not limited to the following:
- when you visit our site
- when we correspond with you as a customer or prospective customer
- when you register as a user of our services and an account is created for you at online.citizencard.com
- when you use our services and apply for an ID card using a paper form or using our online application process for individuals at online.citizencard.com or by using our paperless application scheme for registered organisations* at ebulk.citizencard.com (* registered schools, universities, councils, prisons and charities)
- when you contact us either via email or via our Support Centre - support.citizencard.com
- when the site sends us error reports or application analytics data
- when you use our e-IDVT (Electronic ID Validation Technology) service you will have to agree to your data (photo ID document, liveness check and selfies) being assessed by Yoti Doc Scan for the purpose of identity verification.
2. Our Use of your Personal Data
CitizenCard may use information that we collect about you to:
- deliver the products and services that you have requested e.g. verify your identity to issue you with an ID card
- confirm that you are a legitimate cardholder if a retailer or other organisation needs to verify your card as valid or confirm your age and likeness on verify.citizencard.com
- manage your customer relationship and provide you with customer support
- help improve our products and services and customise user experience
- perform research and analysis about your use of, or interest in, our products, services, or content
- communicate with you by email, postal mail, phone or mobile devices about our products or services that may be of interest to you
- develop and display content tailored to your interests on our site
- manage our business including but not limited to: accounting, statistics etc
- enforce our Terms and Conditions.
3. Our Disclosure of your Personal Data to Third Parties
- we provide Experian, an information company, with access to CitizenCard data for the purpose of age validation, identity authentication and fraud prevention; if a website or other organisation wishes to ascertain the identity or age of one of its users, Experian can corroborate the information supplied against details held on the CitizenCard database
- we provide Yoti, a digital identity company, and 1Account, an online age verification company, with the ability to confirm electronically the validity of a cardholder provided that the cardholder has given Yoti or 1Account their consent to so doing
- we use Yoti Doc Scan to power our e-IDVT (Electronic ID Validation Technology) service which enables Yoti to submit the ID documents and selfies of suspected fraudsters to law enforcement bodies to help authorities in detection and prevention of fraud
- we provide retailers and other organisations with the ability to confirm that you are a legitimate cardholder on verify.citizencard.com provided that you have given them your consent either by sharing your card details with them or by letting them scan the QR code on your card reverse
- we may disclose your personal information to the extent that we are required to do so by law
CitizenCard data is not used for any other purpose.
4. Our Security Measures to Protect your Personal data
We take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We store all the personal information you provide on our secure password and firewall protected servers in world-class UK data centres. Any personal details you provide via online forms on our websites are encrypted with SSL technology to secure the communication between your browser and our servers.
We use Braintree and PayPal to process transactions made at online.citizencard.com so your debit or credit card details are always secure. We do not store credit card or debit card details of our customers. Information about PayPal security can be found at https://www.paypal.com/uk/webapps/mpp/paypal-safety-and-security and details about Braintree security can be found at https://www.braintreepayments.com/gb/features/data-security.
The CitizenCard site contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites you may visit.
Cookies are small text data files that some websites place on your computer or other device when you visit them. They're used by many if not the majority of modern websites, including by informational, membership and commercial sites like citizencard.com and related subdomains such as support.citizencard.com, online.citizencard.com and verify.citizencard.com. Cookies are linked to the machine you use to visit our site and not to you as an individual so they are not 'personal' in that sense. Unless you login or provide personal data through your use of this website, no personal information is collected.
Cookies are commonly used by websites to remember some aspect of your current or previous visit. This could include things like the choices you've made or preferences you've chosen during your visit. Websites commonly do this in order to improve or tailor your current and future visits to that site or other related sites.
Cookies on citizencard.com and its subdomains are also necessary for the correct functioning of some aspects of the site such as the application process for an identity card, and retaining information to ensure that discount codes or referral commission you may have earned through recommending CitizenCard ID to your friends, can be collected and discounts, or commission, correctly assigned to you (where relevant). We may use both "session" cookies and "persistent" cookies on the site. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
The information stored in a cookie can only be read by the website that placed the cookie or other sites that it has agreed to share information with.
- store details that help you apply for and manage your CitizenCard online which are strictly necessary to the process
- store details that enable us to apply discounts and commission to you
- store details that help you to contact us via our Support Centre
- find out how people use our sites, such as how often they visit, which web browsers and screen resolution they use, which pages they go to, and which links they click on, so that we can improve our sites. For this purpose we use Google Analytics to provide insight on user visits patterns (such as the most popular pages, or most searched for terms), and cookies stored on your computer will contribute to that data which is collated from all visitors (with cookies enabled).
How to turn off cookies:
You can turn off cookies in your browser settings (usually Tools, Options or Privacy Settings). See allaboutcookies.org for more info or consult the 'Help' section of your browser. If you do turn off cookies, please be aware we may not be able to process your online application and other functions on the site may not work for you.
Web Analytics Services
6. Legal Basis for Processing your Personal data
With respect to personal data collected from individuals from the United Kingdom, our legal basis for collecting and using the personal data will depend on the personal data concerned and the specific context in which we collect it. CitizenCard will normally collect personal data from you only where:
- we have your consent to do so
- where we need the personal data to deliver the services you have requested (e.g. process your application for a CitizenCard proof of age and ID card)
- where the processing is in our legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms).
7. Limiting Use, Disclosure, Retention
CitizenCard identifies the purposes for which the information is being collected before or at the time of collection. The collection of your personal data will be limited to that which is needed for the purposes identified by our company. Unless you consent or we are required by law, we will only use the personal data for the purposes for which it was collected. If CitizenCard will be processing your personal data for another purpose later on, we will seek your further legal permission or consent; except where the other purpose is compatible with the original purpose. We will keep your personal data only as long as required to serve those purposes. We will also retain and use your personal data for as long as necessary to comply with our legal obligations.
8. Your Access to and Updating of your Personal data
If you are a CitizenCard cardholder, you can update your information e.g. address or contact details and we encourage you to do so on Update Your Personal Details page.
9. Communications Preferences
We offer those who provide personal contact information a means to choose how we use the information provided (for instance to enable us to communicate via email, letter and/or SMS). You may manage your receipt of communications by clicking on the "unsubscribe" link located on the bottom of our emails.
Users of our services registered at online.citizencard.com can manage their communication preferences in the ‘Update Communication Preferences’ section of their online account.
10. Additional Rights
You may have the right to exercise additional rights available to you under UK applicable laws, including:
Right of erasure. You may have a broader right to erasure of personal data that we hold about you. For example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes or to comply with our legal obligations.
Right to object to processing. You may have the right to request that we stop processing your personal data and/or to stop sending you marketing communications.
Right to restrict processing. You may have the right to request that we restrict processing of your personal data in certain circumstances. For example, where you believe that the personal data we hold about you is inaccurate or unlawfully held.
Right to data portability: In certain circumstances, you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer the personal data to another data controller without hindrance.
12. Contacting Us
Updated 22 March 2021