Privacy Policy

Last Updated 28 May 2024

We are committed to safeguarding the privacy of our website visitors. This Privacy Policy describes the ways we collect information from and about you, and what we do with the information, so that you may decide whether or not to provide information to us. By accessing our website or purchasing our services you agree to this Privacy Policy in addition to CitizenCard Terms and Conditions.

1. Our Collection of your Personal Data

If you act as our customer, the information we collect may include your title, full name (given names and surname), date of birth, signature, photo, a copy of document(s) confirming your identity, gender, address, email address, phone number, mobile number, login credentials, transaction information, IP address, product and service selections. We collect personal data from you at several different points, including but not limited to the following:

  • when you visit our site
  • when you correspond with us as a customer or prospective customer
  • when you register as a user of our services and an account is created for you at
  • when you use our services and apply for a Proof of Age and ID card using a postal (paper) form or using our online application process for individuals at or by using our paperless application scheme for registered organisations* at (* registered schools, universities, councils, prisons and charities)
  • when you contact us either via email or via our Support Centre -
  • when the site sends us error reports or application analytics data
  • when we attempt to verify that a card has been issued by us at or using the PASS Card Verify app available on the Google Play Store and the Apple App Store
  • when you use our e-IDVT (Electronic ID Validation Technology) service you will have to agree to your data (photo ID document, liveness check and selfies) being assessed by Yoti Identity Verification for the purpose of document and identity validation
  • when you buy third party products or services from SimpleSavings Offers hosted at on behalf of third parties; CitizenCard Limited will never receive or hold financial information from those transactions
  • when you interact with our social media, for example via comments, shares and likes on our social media posts, or when you visit by following a link from social media
  • when you open an email from CitizenCard; we use technology to tailor the communications that you receive, and to ensure that you don't receive emails that are not interesting to you or that you have opted out of; you can unsubscribe from our emails and manage your preferences at any time and this will not affect the validity of your CitizenCard.

If you act as a referee to support an application for a CitizenCard, the information we collect may include your title, full name (given names and surname), your signature, job title, professional registration number (if any), name of original document(s) you have seen to confirm applicant's identity (if any), applicant's given names, surname and date of birth according to the documents you have seen or records you hold, information confirming whether you know the applicant, how you know them and how long have you known them, any concern you might have regarding the application, business address, email address, phone number, mobile number and IP address. We collect personal data from you at several different points, including but not limited to the following:

  • when you visit our site to complete the Digital Referee Declaration Form or the Statement of Truth to support an online application
  • when you support and countersign a postal (paper) application
  • when you correspond with us as a referee or prospective referee
  • when you contact us either via email or via our Support Centre -
  • when the site sends us error reports or application analytics data
  • when we contact you to verify the information provided.

2. Our Use of your Personal Data

CitizenCard may use information that we collect about you to:

  • deliver the products and services that you have requested as our customer e.g. verify your identity to issue you with an ID card or confirm applicant's identity if you acted as a referee to support an application
  • confirm that you are a legitimate cardholder if a retailer or other organisation needs to verify your card as valid or confirm your age and likeness at or using the PASS Card Verify app available on the Google Play Store and the Apple App Store
  • manage your customer relationship and provide you with customer support
  • help improve our products and services and customise user experience
  • perform research and analysis about your use of, or interest in, our products, services, or content
  • communicate with you by email, postal mail, phone or mobile devices about our products or services that may be of interest to you
  • develop and display content tailored to your interests on our site
  • manage our business including but not limited to: accounting, statistics etc
  • help improve the information you see about the SimpleSavings scheme
  • enforce our Terms and Conditions.

3. Our Disclosure of your Personal Data to Third Parties

We may share your personal data with third parties only in the ways that are described in this Privacy Policy:

  • we provide Yoti, a digital identity company, and 1Account, an online age verification company, with the ability to confirm electronically the validity of a cardholder provided that the cardholder has given Yoti or 1Account their consent to this
  • we use Yoti Identity Verification to power our e-IDVT (Electronic ID Validation Technology) service which enables Yoti to submit the ID documents and selfies of suspected fraudsters to law enforcement bodies to help authorities in detection and prevention of fraud
  • we provide retailers and other organisations with the ability to confirm that you are a legitimate cardholder at or by using the PASS Card Verify app available on the Google Play Store and the Apple App Store, provided that you have given them your consent either by sharing your card details with them, letting them scan the QR code on your card reverse or take a photo of the front of your card
  • we use Google Cloud Vision API together with our own machine learning technology to make sure a photo you upload to support your online application complies with passport quality standards; Google does not use an anonymous photo it receives for any other purpose nor share it with third-parties and the photo is deleted right after the processing is done
  • we use Google Cloud Vision API to extract full card details from photos taken by the PASS Card Verify app to verify whether the card is genuine or not; Google does not use a photo of a card it receives for any other purpose nor share it with third-parties and the photo is deleted right after the processing is done
  • we share your full name and address with our delivery provider, Royal Mail, who deliver your card to you
  • we may disclose your personal information to law enforcement agencies to the extent that we are required to do so by law

CitizenCard data is not used for any other purpose.

4. Our Security Measures to Protect your Personal data

We take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We store all the personal information you provide on our secure password and firewall protected servers in world-class UK data centres. Any personal details you provide via online forms on our websites are encrypted with SSL technology to secure the communication between your browser and our servers.

We use Braintree and PayPal to process transactions made at so your debit or credit card details are always secure. We do not store credit card or debit card details of our customers. Information about PayPal security can be found at and details about Braintree security can be found at

The CitizenCard site contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites you may visit once you have left the CitizenCard website.

5. Our Use of Cookies and Web Analytics Services


Cookies are necessary for the full functioning of this site. By using the CitizenCard site and any linked sub-domains/sites on, you are providing implied consent to the use of cookies on this site in accordance with the terms of this policy. You can disable cookies (further information below), but if you do, you may find that parts of the site will not function correctly for you and we may not be able to complete requests on your behalf such as the online CitizenCard application process. If you do not consent to the use of cookies and wish to disable cookies resulting in impaired website functionality, you should discontinue use of the site.

Cookies are small text data files that some websites place on your computer or other device when you visit them. They're used by many if not the majority of modern websites, including by informational, membership and commercial sites like and related subdomains such as, and Cookies are linked to the machine you use to visit our site and not to you as an individual so they are not 'personal' in that sense. Unless you login or provide personal data through your use of this website, no personal information is collected.

Cookies are commonly used by websites to remember some aspect of your current or previous visit. This could include things like the choices you've made or preferences you've chosen during your visit. Websites commonly do this in order to improve or tailor your current and future visits to that site or other related sites.

Cookies on and its subdomains are also necessary for the correct functioning of some aspects of the site such as the application process for an identity card, and retaining information to ensure that discount codes or referral commission you may have earned through recommending CitizenCard ID to your friends, can be collected and discounts, or commission, correctly assigned to you (where relevant). We may use both "session" cookies and "persistent" cookies on the site. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

The information stored in a cookie can only be read by the website that placed the cookie or other sites that it has agreed to share information with.

At CitizenCard Ltd, we are committed to protecting your privacy and security to ensuring that we meet all regulations. Our policy is to use cookies only to improve your user experience and the way we do business with you, and when they are essential to the practical and technical functioning of the website(s).

We may use cookies to:

  • store details that help you apply for and manage your CitizenCard online which are strictly necessary to the process
  • store details that enable us to apply discounts and commission to you
  • store details that help you to contact us via our Support Centre
  • ensure that you can redeem an Offer in the SimpleSavings scheme
  • find out how people use our sites, such as how often they visit, which web browsers and screen resolution they use, which pages they go to, and which links they click on, so that we can improve our sites. For this purpose, we use Google Analytics to provide insight on user visits patterns (such as the most popular pages, or most searched for terms), and cookies stored on your computer will contribute to that data which is collated from all visitors (with cookies enabled).

We do not currently use cookies to serve you any targeted advertising on Were we to do so at some future point, the privacy and cookie policy would be updated to reflect this and you would have the option to opt out by disabling cookies or discontinuing site use in full or in part as you do now.

How to turn off cookies:

You can turn off cookies in your browser settings (usually Tools, Options or Privacy Settings). See for more info or consult the 'Help' section of your browser. If you do turn off cookies, please be aware we may not be able to process your online application and other functions on the site may not work for you.

Web Analytics Services

We use Google Analytics, a service for the marketing analysis of the site provided by Google, Inc. Google Analytics uses cookies to allow us to see how you use our site so we can improve your experience. Google's ability to use and share information collected by Google Analytics about your visits to the site is restricted by the Google Analytics Terms of Use available at and the Google Privacy Policy available at You can prevent Google Analytics from recognising you on return visits to the site by disabling cookies in your browser. If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on available at

6. Legal Basis for Processing your Personal data

With respect to personal data collected from individuals resident in the United Kingdom, our legal basis for collecting and using the personal data will depend on the personal data concerned and the specific context in which we collect it. CitizenCard will normally collect personal data from you only where:

  • we have your consent to do so
  • where we need the personal data to deliver the services you have requested (e.g. process your application for a CitizenCard Proof of Age and ID card)
  • where the processing is in our legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms).

7. Limiting Use, Disclosure, Retention

CitizenCard identifies the purposes for which the information is being collected before or at the time of collection. The collection of your personal data will be limited to that which is needed for the purposes identified by our company. Unless you consent or we are required by law, we will only use the personal data for the purposes for which it was collected. If CitizenCard will be processing your personal data for another purpose later on, we will seek your further legal permission or consent; except where the other purpose is compatible with the original purpose. We will keep your personal data only as long as required to serve those purposes.

Paper records are retained for the following maximum periods after which time they are shredded:

  • Successful and failed applicant records – 3 months after an application has been received
  • Pending applicant records – 12 months after the initial application has been received.

Digital records are retained for:

  • Customers and their digital applications containing applicant's personal data and their referees - 20 years after record creation so customers can apply for replacement cards without being re-verified, applicants can continue pending applications and we can verify cards as valid either at or when the PASS Card Verify app is used; after 20 years the data is moved to a Secure Archive with restricted access so we can collaborate with law enforcement agencies when necessary
  • Electronic communications such as emails - 10 years following the most recent contact made by an applicant or a referee after which the data is deleted
  • Photos of cards processed by the PASS Card Verify mobile app - 90 days following image creation after which the data is deleted
  • Card verification web-page for a card check made at - 2 minutes following page creation after which the page is deleted
  • Card Verification results for checks made at and via the PASS Card Verify app - 5 years following a check after which the data is anonymised (all personal information removed)
  • Yoti Identity Verification, our Electronic ID Validation Technology supplier, retains the data for 28 days following the completion of the Identity Verification session
  • Royal Mail, our delivery provider, retains the data only for as long as they need to use it to provide the service requested.

8. Your Access to and Updating of your Personal data

Reasonable access to your personal data may be provided upon request made to CitizenCard via email at This email address is being protected from spambots. You need JavaScript enabled to view it.. If access cannot be provided within that time frame, CitizenCard will provide the requesting party a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.

If you are a CitizenCard cardholder, you can update your information e.g. address or contact details and we encourage you to do so on Update Your Personal Details page.

If you would like us to delete any personal data held about you, we will do so on request unless we need to hold the information as part of the provision of products and services to you. Data removal requests should be sent (include your name and CitizenCard card number) via email to This email address is being protected from spambots. You need JavaScript enabled to view it..

9. Communications Preferences

We offer those who provide personal contact information a means to choose how we use the information provided (for instance to enable us to communicate via email, letter and/or SMS). You may manage your receipt of communications by clicking on the "unsubscribe" link located on the bottom of our emails.

Users of our services registered at can manage their communication preferences in the "Update Communication Preferences" section of their online account.

10. Additional Rights

You may have the right to exercise additional rights available to you under UK applicable laws, including:

Right of erasure

You may have a broader right to erasure of personal data that we hold about you. For example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes or to comply with our legal obligations.

Right to object to processing

You may have the right to request that we stop processing your personal data and/or to stop sending you marketing communications.

Right to restrict processing

You may have the right to request that we restrict processing of your personal data in certain circumstances. For example, where you believe that the personal data we hold about you is inaccurate or unlawfully held.

Right to data portability

In certain circumstances, you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer the personal data to another data controller without hindrance.

If you would like to exercise any of the above rights, please contact our support team via email at This email address is being protected from spambots. You need JavaScript enabled to view it.. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request. You also have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

11. Changes to our Privacy Policy

CitizenCard may amend this Privacy Policy at any time by posting a new version. It is your responsibility to review this Privacy Policy periodically, as your continued use of this site and our products and services represents your agreement with the then-current Privacy Policy.

12. Contacting Us

If you have any questions about this Privacy Policy, the practices or concerns of this site, please contact our support team via email at This email address is being protected from spambots. You need JavaScript enabled to view it..