We comply with UK data protection law, including the UK GDPR and the Data Protection Act 2018. All your personal details are stored in encrypted databases on secure servers.

We maintain your information in our databases to swiftly verify your identity in case of any inquiries about your ID card. Additionally, these details grant you access to SimpleSavings deals and offers. In the unfortunate event of a lost or stolen card, having your information on file enables us to promptly issue a replacement card.

We provide Yoti, a digital identity company, 1Account, an online age verification company, Arissian, via their Luciditi digital identity platform and Vouchsafe, an online identity verification platform with the ability to confirm electronically the validity of a cardholder through our secure API, provided that the cardholder has given Yoti, 1Account, Arissian or Vouchsafe their consent to do this check.

When using the Electronic ID Validation process, you must agree to your data (photo ID document and liveness capture) being assessed by Yoti Identity Verification for the purpose of document and identity validation. Yoti may submit the ID documents and images of suspected fraudsters to law enforcement bodies to help authorities detect and prevent fraud. If you choose this route, we also ask for your explicit consent to perform a biometric face similarity comparison using Amazon Web Services (AWS) Rekognition "CompareFaces". This compares your uploaded photo with the Yoti-provided liveness still. The result supports human review and does not by itself determine application outcomes. You can withdraw consent before the comparison is performed by choosing a different verification route.

We may perform an automated document text extraction using Amazon Web Services (AWS) Textract "AnalyzeID" to identify and validate key fields (e.g., name, date of birth, expiry date) on identity documents you submit, helping to cross-check your details and support auditability.

We provide retailers and other organisations with the ability to confirm that you are a legitimate cardholder at verify.citizencard.com or by using the PASS Card Verify app available on the Google Play Store and Apple App Store, provided that you have given them your consent either by sharing your card details with them, allowing them to scan the QR code on the reverse of your card or permitting them to take a photo of the front of your card.

When you apply online, we use Google Cloud Vision API together with our own machine learning technology to make sure a photo you upload to support your online application complies with passport quality standards. These checks are not used to identify you. Google does not use an anonymous photo it receives for any other purpose nor share it with third-parties and the photo is deleted right after the processing is done.

We use Google Cloud Vision API to extract full card details from photos taken by the PASS Card Verify app to verify whether the card is genuine or not. Google does not use a photo of a card it receives for any other purpose nor share it with third-parties and the photo is deleted right after the processing is done.

We provide your full name and address to our delivery provider, Royal Mail, who handles the delivery of your card.

We share anonymised analytics data with Google Analytics to better understand website usage, gather insights into user behaviour, and improve website performance. Additionally, we might track registered users across devices and sessions using Google Analytics' User-ID feature on online.citizencard.com, which provides a more accurate analysis of customer interactions. Both features of Google Analytics are contingent upon your consent to the use of 'Analytics' cookies, as managed through the cookie banner on our website.

We may utilise SurveyMonkey to conduct surveys as part of our email campaigns, which you might receive if you have opted in to marketing communications.

If you are over the age of thirteen and have consented to receive email and/or SMS marketing communications, we may share your email address, given names, surname, age, gender and mobile number with Mailchimp for the purpose of delivering tailored marketing campaigns.

We could disclose your personal information to law enforcement agencies when required to comply with legal obligations.

If you are a CitizenCard cardholder you can request that your data is removed from our database by emailing your name and card number to [email protected]. Alternatively, please Contact Us using our Support Centre and select Contact department.