HSBC's Privacy Principles
Our business has been built on trust between our customers and ourselves. To preserve the confidentiality of all information you provide to us, we maintain the following privacy principles:
- We only collect personal information that we believe to be relevant and required to understand your financial needs and to conduct our business.
- We use your personal information to provide you with better customer services and products.
- We may pass your personal information to other HSBC Group members or agents, as permitted by law.
- We will not disclose your personal information to any external organisation unless we have your consent or are required by law or have previously informed you.
- We may be required from time to time to disclose your personal information to governmental or judicial bodies or agencies or our regulators, but we will only do so under proper authority.
- We aim to keep your personal information on our records accurate and up-to-date.
- We maintain strict security systems designed to prevent unauthorised access to your personal information by anyone, including our staff.
- All HSBC Group members, all our staff and all third parties with permitted access to your information are specifically required to observe our confidentiality obligations.
By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you place in us.
Your Privacy Matters to Us
This section provides specific details of how we treat any personal information you might wish to provide us when you visit the Site.
- Security is our top priority. We will strive at all times to ensure that your personal data will be protected against unauthorised or accidental access, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data.
- The secure area of our Site supports the use of 128-bit Secure Socket Layer (SSL) encryption technology - an industry standard for encryption over the Internet to protect data. When you provide sensitive information such as credit card details, it will be automatically converted into codes before being securely dispatched over the Internet.
- Our web servers are protected behind "firewalls" and our systems are monitored to prevent any unauthorised access. We will not send personal information to you by ordinary email. As the security of ordinary email cannot be guaranteed, you should only send email to us using the secure email facility on our website.
- All practical steps will be taken to ensure that personal data will not be kept longer than necessary and that we will comply with all statutory and regulatory requirements in the Hong Kong Special Administrative Region concerning the retention of personally identifiable information.
- Both you and we play an important role in protecting against online fraud. You should be careful that your account details including your Username and/or Password are not compromised by ensuring that you do not knowingly or accidentally share, provide or facilitate unauthorised use of it. Do not share your Username and/or Password or allow access or use of it by others. We endeavor to put in place high standards of security to protect your interests.
- You should safeguard your unique Username and Password by keeping it secret and confidential. Never write them down or share these details with anyone. We will never ask you for any HSBC Internet Password, including your Internet Banking Password, in order to ensure that you are the only person who knows this information. When choosing your unique Username and Password for the first time, do not create it using easily identifiable information such as your birthday, telephone number or a recognisable part of your name. If you think your Username and/or password has been disclosed to a third party, is lost or stolen and unauthorised transactions may have been conducted, you are responsible to inform us immediately.
Collection of Personal Information
Your visit to this Site may be recorded for analysis on the number of visitors to the site and general usage patterns. Some of this information will be gathered through the use of "cookies". Cookies are small bits of information that are automatically stored on a person's web browser in their computer that can be retrieved by the Site. Cookies can make the site more useful by storing information about your preferences on particular sites, thus enabling website owners to provide more useful features for their users. The information collected by "cookies" is anonymous aggregated research data, and contain no name or address information or any information that will enable anyone to contact you via telephone, e-mail or any other means. Most browsers are initially set to accept cookies. If you would prefer, you can set your browser to disable cookies or inform you when they are set. However, by disabling them, you may not be able to take full advantage of HSBC Group member websites, including HSBC Internet Banking.
We may also work with third parties (such as Doubleclick, Yahoo!, Nielsen//NetRatings and WebTrends) to research certain usage and activities on parts of our Site on our behalf. Doubleclick, Yahoo!, Nielsen//NetRatings and WebTrends use technologies such as spotlight monitoring, web beacons and "cookies" etc to conduct this research. The information collected through technologies such as cookies, spotlight tags and web beacons etc are used to find out more about our users, including user demographics and behaviour and usage patterns, for more accurate reporting and to improve the effectiveness of our marketing. Information recorded through the use of these devices are aggregated and then shared with us. No personally identifiable information about you is collected or shared by Doubleclick, Yahoo!, Nielsen//NetRatings and WebTrends with us as a result of this research. Should you wish to disable the cookies associated with these technologies such as spotlight tags and/or web beacons etc, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of HSBC Group member websites, including HSBC Internet Banking.
When you visit or use our Site, we may automatically collect and store information about your computer or mobile device and your activities. This information may be used for fraud monitoring and to facilitate the provision of our services to you, including the provision of services in the 'Offers Near Me' section. This information may include, but is not limited to:
- Your mobile device's unique ID number (the unique identifier assigned to a device by the manufacturer);
- Your mobile device's geographic location (specific geographic location if you've enabled collection of that information).
Occasionally we may collect personal information from visitors to this site and those individuals that participate in a contest or promotion (online or over the telephone, or at one of our branches). Such information is only collected from individuals who voluntarily provide us with their personal information. We may use this information to advise them of products, services and other marketing materials, which we think, may be of interest to them. We may also invite visitors to this site to participate in market research and surveys and other similar activities.
You can choose to receive marketing and other promotional materials by email. If you do not wish to receive email or promotional direct mailings, you will always have an opportunity to opt-out.
If at any time you would like us to cease using your personal information for marketing purposes, please contact the Customer Service Hotline for the local HSBC entity in your country. This information is located in the "Contact Us" of HSBC website. HSBC will then, at no cost to you, act on your request within 30 days (or such shorter period as may be required under applicable privacy laws) and ensure that you are not included in future marketing promotions.
If we do ask you to provide personal information, we will always specify the purpose for which such personal information is collected and ensure that it is only used for the purpose specified at the time of collection.
Notice to Customers Relating to the Personal Data (Privacy) Ordinance
The Statement is intended to notify you why personal data is collected, how it will be used and to whom data access requests are to be addressed.
Why we collect your data
From time to time, we collect your personal information to carry out and administer our services to you and in an effort to improve your customer experience.
Without such data we may be unable to open or continue accounts or establish or continue banking facilities or provide banking services.
Data is also collected from customers in the ordinary course of business to continue the banking relationship, for example, when customers write cheques, deposit money or apply for credit. This includes information obtained from Credit Reference Agencies.
How your data may be used
Data relating to a customer may be used to:
- facilitate the daily operation of the services and credit facilities provided to customers;
- conduct credit checks (including without limitation upon an application for consumer credit and upon periodic review of the credit);
- create and maintain our credit and risk related models;
- assist other financial institutions to conduct credit checks and collect debts;
- ensure ongoing credit worthiness of customers;
- design financial services or related products for customers' use;
- market services or products of ours and/or selected companies;
- determine the amount of indebtedness owed to or by customers;
- collect amounts outstanding from customers and those providing security for customers' obligations;
- meet the disclosure requirements of any law binding on us or any of our branches;
- enable an actual or proposed assignee of ours, or participant or sub-participant of our rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
- to fulfill any other purposes relating thereto.
Disclosure of your personal information
Information held by us relating to a customer will be kept confidential but we may provide such information to the following parties (whether within or outside the Hong Kong Special Administrative Region) for the purposes set out in paragraph (d):
- any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to us in connection with the operation of our business;
- any other person under a duty of confidentiality to us including a group company of ours which has undertaken to keep such information confidential;
- the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
- a person making any payment into the customer's account (by providing a copy of a deposit confirmation slip which may contain the name of the customer);
- credit reference agencies, and, in the event of default, to debt collection agencies;
- any person to whom we are under an obligation to make disclosure under the requirements of any law binding on us or any of our branches or under and for the purposes of any guidelines issued by regulatory or other authorities with which we or any of our branches are expected to comply;
- any actual or proposed assignee of ours or participant or sub-participant or transferee of our rights in respect of the customer; and
- selected companies for the purpose of informing customers of services which we believe will be of interest to customers.
In connection with (v) above, in the event of any default in payment where the amount in default is not fully repaid before the expiry of 60 days as measured by us from the date such default occurred, the customer is liable to have his account data retained by the credit reference agency at least until the expiry of 5 years from the date of final settlement of the amount in default before the right referred to in (f)(v) below may be exercised.
Data access requests
Under the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any individual has the right:
- to check whether we hold data about them and of access to such data;
- to require us to correct any data relating to them which is inaccurate;
- to ascertain our policies and practices in relation to data and to be informed of the kind of personal data held by us;
- in relation to consumer credit, to request to be informed which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
- (except where the consumer credit applied for involves a residential mortgage loan) upon satisfactory termination of the credit by full repayment and on condition that there has been, within 5 years immediately before such termination, no material default under the credit as determined by us, to instruct us to make a request to the relevant credit reference agency to delete from its database any account data relating to the terminated credit.
In accordance with the terms of the Ordinance, we have the right to charge a reasonable fee for the processing of any data access request.
Nothing in this Statement shall limit the rights of customers under the Ordinance.
Requests by customers of the Bank for access to data or correction of data or for information regarding policies and practices and kinds of data held should be addressed to:
The Data Protection Officer
The Hongkong and Shanghai Banking Corporation Limited
PO Box 72677
Kowloon Central Post Office
Hong Kong SAR
Facsimile: (852) 2288 5922
Note: In case of discrepancies between the English and other language versions, the English version shall apply and prevail.
IMPORTANT: By accessing the Site and any of its pages you are agreeing to the terms set out above. Thank you for choosing HSBC.