Privacy and Data Protection Statement

Our HSBCnet Privacy Notice

Before we begin

This notice (Privacy Notice) applies to personal information held by members of the HSBC Group as data controllers, or the organisation responsible for personal information under our control, as described below. It explains what information we collect about you, how we’ll use that information, who we’ll share it with, the circumstances when we’ll share it and what steps we’ll take to make sure it stays private and secure. It continues to apply even if your use of or any agreement for HSBCnet ends.

About this Privacy Notice

Effective Date: 19th May 2018

Who this Notice applies to

This Privacy Notice applies to your use of the HSBCnet site and mobile application. When we say ‘we’, we mean HSBC Bank plc and any other HSBC Group companies which act as a data controller in respect of your personal data. For the purposes of this notice, the relevant data controller is: (a) HSBC Bank plc, as the operator of the HSBCnet site and app, in connection with the provision of these services; and (b) the HSBC Group company that the entity you are acting on behalf of has a relationship with (as defined in the HSBCnet terms and conditions). You can find the contact details of this entity and its data protection officer (where relevant) by clicking on the Customer Support link on www.hsbcnet.com and selecting the relevant country. If you are accessing HSBCnet from outside the UK, additional information may also apply to your use of HSBCnet (see below).

The information we collect from you (as described below) is required to provide you with access to our services, to fulfil our agreement with the entity you are acting on behalf of, and to enable us to fulfil our legal and regulatory compliance obligations, as described below. Failure to provide your information, (or if all personal data submitted to us is not complete, accurate, true and correct) may mean it is not possible to provide you with access to certain products or services which you or the entity you are acting on behalf of have requested.

What information we collect

We’ll only collect your information in line with relevant regulations and law. The information we collect may include:

Information that you, or your employer /the profile owner you represent /corporate representative, provide to us, e.g:

  • personal details, e.g. name, previous names, gender, date of birth, occupation;
  • information concerning your identity (e.g. passport information or other photo ID, National Insurance number);
  • contact details, e.g. home and work address, email address and phone numbers;
  • user login and subscription data, e.g. login credentials for the HSBCnet website and mobile app;
  • other information about you that you give us by filling in forms, surveys, or by communicating with us, whether face-to-face, by phone, email, online, or otherwise.

Information we collect or generate about you, e.g:

  • information about you or those you represent and their relationship with us, including the channels you use and your ways of interacting with us and the HSBCnet website / app, as well information concerning complaints and disputes;
  • authentication information (e.g. your biometric information, such as your voice for voice ID, or fingerprint);
  • information included in customer documentation (e.g. a record of advice that we may have given you);
  • cookies, and similar technologies we use to recognise you, remember your preferences and tailor the content we provide to you - our cookie policy available at www.hsbcnet.com contains more details about how we use cookies;
  • investigations data, e.g. due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among individuals, organisations, including emails, voicemail, live chat;
  • records of correspondence and other communications between us, including email, telephone conversations, live chat, instant messages and social media communications;
  • information that we need to support our regulatory obligations, e.g. information about transaction details, purpose of payment, ordering customer information, counterparty/beneficiary information, identification documents, detection of any suspicious and unusual activity and information about parties connected to you or these activities.
  • information about the devices you use to access HSBCnet, e.g. software and IP address.

Information we collect from other sources, e.g:

information from third party providers, e.g. client user information collected through 3rd party application service providers that we have a mutual relationship with e.g. accounting software providers who provide you with a service and you have separately agreed with can share information with.

How we’ll use your information

We’ll only use your information where we have your consent or we have another lawful reason for using it. These reasons include where we:

  • need to pursue our legitimate interests or that of the profile owner you represent (for example, as part of our provision of its HSBCnet services);
  • need to process the information to carry out an agreement we have with you or the profile owner you represent (as part of our provision of its HSBCnet services ) or a third party information provider operating in financial markets (e.g. Bloomberg);
  • need to process the information to comply with a legal obligation;
  • believe the use of your information as described is in the public interest e.g. for the purpose of preventing or detecting crime.

The reasons we use your information include to:

  • provide you with access to HSBCnet (including our mobile app), including identifying you and carrying out your instructions, sending alerts, service messaging and notification of activities;
  • manage our relationship with you or the profile owner you represent (as part of our provision of its HSBCnet services);
  • fulfil our contractual arrangements with third party information providers operating in financial markets (e.g. Bloomberg). This can include sharing our customer’s identity with those third party providers, including contact details of our customer’s representatives, when our customers use that service;
  • prevent or detect crime including fraud and financial crime, e.g. financing for terrorism and human trafficking;
  • security and business continuity and risk management;
  • product and service improvement, including data analytics to better understand how you use our services, and to respond to any service issues you may have;
  • protect our legal rights and comply with our legal obligations;
  • marketing relevant products or services, where permitted;
  • system or product development and planning, audit and administrative purposes.

We do not carry out automated decision making which might produce legal effects and/or otherwise affects you.

Tracking or recording what you say or do

We may record details of your interactions with us, including emails, telephone conversations, live chats, video chats and any other kinds of communication. We may use these recordings to check your instructions to us, assess, analyse and improve our service, train our people, manage risk or to prevent and detect fraud and other crimes. We may also capture additional information about these interactions, such as information about the devices or software that you use.

Compliance with laws and regulatory compliance obligations

We’ll use your information to meet our compliance obligations, to comply with other laws and regulations and to share with regulators and other authorities that HSBC Group companies are subject to. This may include using it to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We’ll only do this on the basis that it’s needed to comply with a legal obligation or it’s in our legitimate interests and that of others.

Who we might share your information with

We may share your information with others where lawful to do so including where we or they:

  • need to in order to provide you with products or services you’ve requested, e.g. fulfilling a payment request, sharing information with third party vendors who we may utilise;
  • have a public or legal duty to do so, e.g. to assist with detecting and preventing fraud, tax evasion and financial crime;
  • need to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
  • have a legitimate business reason for doing so, e.g. sharing your information and information about your use of your account with the profile owner you represent as part of our provision of its HSBCnet services;
  • to manage risk, verify your identity, enable another company to provide you with services you’ve requested, or assess your suitability for products and services;
  • have asked you for your permission to share it, and you’ve agreed.

We may share your information for these purposes with others including the profile owner you represent, any other HSBC group companies and any sub-contractors, agents or service providers who work for us or provide services to us or other HSBC Group companies (including their employees, sub-contractors, service providers, directors and officers). This includes sharing your information with third party information providers operating in financial markets where required in connection with their services.

How long we’ll keep your information

We keep your information in line with our data retention policy (for example, in some countries we will retain information about HSBCnet transactions for a minimum is 5 year period). This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.

Transferring your information overseas

Your information may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of protection for personal information. When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and / or for our legitimate interests. In some countries the law might compel us to share certain information, e.g. with tax authorities. Even in these cases, we’ll only share your information with people who have the right to see it. You can obtain more details of the protection given to your information when it is transferred outside the EEA by contacting us using the details in the ‘More details about your information’ section below.

Your rights

You have a number of rights in relation to the information that we hold about you. These rights include:

  • the right to access information we hold about you and to obtain information about how we process it;
  • in some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. We may continue to process your information if we have another legitimate reason for doing so, although this may impact your ability to continue to have access to our products and services;
  • in some circumstances, the right to receive certain information in an electronic format and/or request we transmit it to a third party where this is technically feasible. The right only applies to information provided to us.
  • the right to request that we rectify your information if it’s inaccurate or incomplete;
  • in some circumstances, the right to request that we erase your information. We may continue to retain your information if we are entitled or required to retain it; and
  • the right to object to, and to request that we restrict, our processing of your information in some circumstances. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we are entitled to continue processing your information and / or to refuse that request.

You can exercise your rights by contacting us using the details set out below. You may also have a right to complain to the relevant data protection regulator in the country in which you live or work.

How we keep your information secure

We use a range of measures to keep your information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.

More details about your information

If you’d like further information on anything we’ve said in this notice, or to contact our Data Protection Officer where applicable, please contact your usual HSBC representative, or use the Customer Support option on the www.hsbcnet.com homepage, which sets out our contact details in applicable jurisdictions. This Privacy Notice may be updated from time to time and the most recent version can be found at www.hsbcnet.com.

Additional Information

Where you are accessing HSBCnet from one of the following countries, this Privacy Notice must be read in conjunction with the following privacy policies which are highlighted below:

For the provision of products and services provided by:

Cookies

You should read our Cookie Policy to find out more about how HSBC and our trusted partners use cookies, which is relevant to your online security. We use cookies to make our website more secure and easier to use.