Your privacy is important to us. This notice (privacy notice) applies to personal information we collect from you when you use this site. If you’re an HSBC customer, or otherwise have a relationship with us, we may also have provided you with a separate privacy notice setting out how we use your personal information, which will also apply. You can also find that privacy notice by visiting the website for the product or services we provide you (for example, www.hsbc.co.uk in the UK or www.hsbc.com.hk in Hong Kong) or by contacting your customer service team.
Some of the links on this website may lead to HSBC or non-HSBC websites with their own privacy notices, which may be different to this notice, and you should read those notices carefully.
For the purposes of this privacy notice, the data controller is HSBC Holdings plc with its address at 8 Canada Square, London E14 5HQ, UK. We’ve also set out contact details towards the end of this notice.
We may collect and process the following information about you:
We may also ask you for information if you experience problems when using this site. We may also ask you to complete surveys for research purposes, although you don’t have to respond to these.
If we have an existing relationship with you, and we are able to identify you from information obtained or provided by your use of the site, we may associate those sets of information, for example to enable us to respond to a query you have submitted.
We’ll only use your information where we have your consent or we have another lawful reason for using it. Unless we say otherwise below, we’ll use your personal information on the basis that it’s within our legitimate interests in operating and maintaining the site, and providing you with site functionality and related services. We may use information provided or obtained via this site to:
We also use information to meet our compliance obligations, to comply with other laws and regulations and to share with regulators and other authorities that HSBC Group companies are subject to. This may include using it to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We’ll only do this on the basis that it’s needed to comply with a legal obligation, it’s in our legitimate interests and that of others or to prevent or detect unlawful acts.
We may share your information in order to provide you with products or services you’ve requested (for example, if they’re not provided by the HSBC entity operating this site), if we have a legitimate interest in doing so (for example, to manage risk, verify your identity, to combat fraud, abuse of our site or services), or where you’ve agreed to us doing so.
We may share your information with others including: other HSBC Group companies and any of our service providers; anyone else whose products and services you’ve requested; anyone who we’re under an obligation to disclose information to or where it’s in the public interest (for example to prevent or detect fraud, abuse of our site or services).
We may collect information about your computer (or mobile device), including where available your IP address, operating system and browser type, for system administration or for our own commercial purposes. This is statistical data about our users’ browsing actions and patterns.
We keep information in line with our data retention policy. For example, if you’re a customer, we’ll normally keep core banking data for seven years from the end of our relationship. We retain information to comply with legal or regulatory requirements or for our legitimate purposes, such as responding to enquiries, and may sometimes need to keep it for a longer period; if we don’t need to retain it for as long, we may delete, destroy or anonymise it sooner. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as dealing with any enquiries.
We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes, e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.
Your information may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of protection for personal information. When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful.
You can obtain more details of the protection given to your information when it’s transferred outside the EEA by contacting us using the details in the ‘More details about your information’ section below.
You have a number of rights in relation to the information that we hold about you. These rights include:
You can exercise your rights by contacting us using the details set out in the ‘More details about your information’ section below. You also have a right to complain to the UK Information Commissioner’s Office by visiting www.ico.org.uk, or to the data protection regulator in the country where you live or work.
We use a range of measures to keep your information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
If you’d like further information on anything we’ve said in this privacy notice, or to contact our Data Protection Officer, contact us at P.O. Box 6201, Coventry CV3 9HW, UK addressed ‘for the attention of the DPO’.
This privacy notice may be updated from time to time, and you’ll always be able to find the most recent version on this site.