Top of the content

Data Privacy Notice

Notice relating to the Personal Data (Privacy) Ordinance

We protect your privacy. Read this notice to find out how we collect, store, use and share your personal data.

1

HOW WE COLLECT AND STORE YOUR DATA

We collect your data

  • when you interact with us and use our products and services
  • when you visit our websites (see "Privacy and Security" at the bottom of our webpage and refer to "Use of Cookies" section for details of how we use cookies)
  • from other people and companies, including other HSBC group companies.

We may store your data locally or overseas, including in the cloud.  We apply our global data standards and policies wherever your data is stored.

We're responsible for keeping your data safe in compliance with Hong Kong law.

2

WHAT WE USE YOUR DATA FOR


We use your data

  • to send you direct marketing if you've consented to it
  • to improve our products, services and marketing
  • to help us comply with laws, regulations and requirements, including our internal policies, in or outside Hong Kong
  • to detect, investigate and prevent financial crimes
  • for the other purposes set out in section B.

3

WHO WE SHARE YOUR DATA WITH


We share your data with

  • other HSBC group companies
  • third parties who help us to provide services to you or who act for us
  • third parties who you consent to us sharing your data with
  • local or overseas law enforcement agencies, industry bodies, regulators or authorities
  • credit reference agencies (including the operator of centralised database they use)
  • the other third parties set out in section C.

We may share your data locally or overseas.

You can access your data

You can request access to the data we store about you.  We may charge a fee for this.

 

You can also ask us to

  • correct or update your data
  • explain our data policies and practices.

You control your marketing preferences

You control what marketing you receive from us and how you receive it.

 

You can change this at any time by contacting us or updating your preferences on internet banking.

You can contact us

dfv.enquiry@hsbc.com.hk


The Data Protection Officer HSBC, PO Box 72677, Kowloon Central Post Office, Hong Kong

A

Collect and store

We may collect

  • biometric data such as your voice ID, thumb print and facial recognition data
  • your geographic data and location data based on your mobile or other electronic device
  • data from people who act for you or who you deal with through our services
  • data from public sources, credit reference, debt collection and fraud prevention agencies, and other aggregators.

If you don't give us data then we may be unable to provide products or services.

We may also generate data about you

  • by combining information that we and other HSBC group companies have collected about you
  • based on the analysis of your interactions with us
  • through the use of cookies and similar technology when you access our website or apps.

B

Use

We use your data to

  • provide products and services to you including conducting credit checks
  • provide personalised advertising to you on third party websites (this may involve us aggregating your data with data of others)
  • help us to comply with requirements or requests that we or the HSBC group have or receive such as legal or regulatory in or outside Hong Kong.  Sometimes we may have to comply and other times we may choose to voluntarily comply
  • manage our business, including exercising our legal rights
  • other uses relating to the above or to which you have consented.

If you provide data about others

If you provide data to us about another person, you should tell that person how we will collect, use and share their data as explained in this notice.

C

Share

We share your data with

  • local or overseas bodies or authorities such as legal, regulatory, law enforcement, government and tax and any partnerships between law enforcement and the financial sector
  • any person who you hold a joint account with, people who can give instructions for you and anyone who is giving (or may give) security for your loans
  • any third party who we may transfer our business or assets to so it can evaluate our business and use your data after any transfer
  • partners and providers of reward, co-branding or loyalty programs, charities or non-profit organisations
  • social media advertising partners (who can check if you hold an account with us and send our adverts to you and advertise to people who have a similar profile to you)
  • third party service providers engaged by you using our application programming interfaces for the purposes notified to you by us or such third party service providers and/or as consented to by you, in accordance with your instructions to us or third party service providers you engaged.

We may share your anonymised data with other parties not listed above.  If we do this, you won't be identifiable from this data.

D

Direct Marketing

This is when we use your data to send you details about financial, insurance or related products, services and offers provided by us or our co-branding, rewards or loyalty programme partners or charities.

 

We may use data such as your demographics, the products and services that you're interested in, transaction behaviour, portfolio information, location data, social media data, analytics and information from third parties when we market to you.

We don’t give your data to others for them to market their products and services to you. If we ever wanted to do this, we’d get your separate consent. 

E

Your Credit Information

If you apply for, have, or have had, a loan including a home loan

We'll perform credit checks on you which may involve us providing your loan data to credit reference agencies (CRAs) (including the operator of any centralised database used by CRAs), and in the event of default, to debt collection agencies.

The CRAs will add this data to their database and any centralised database used by them, which is available to other credit providers to help them assess whether to provide you with credit.  The CRAs will keep your data.  You can request that we ask the CRAs to delete it once you've fully repaid your loan.  They will only do this if:

  • none of your payments were more than 60 days overdue in the 5 years before you fully repaid your loan.  If they were, the CRAs will keep your data for 5 years from the date you fully paid that missed payment.
 
 
 
 
 
 
 
  • you're not declared bankrupt with an amount under your loan being written off.  If you are, the CRAs will delete that record after 5 years from the date you're discharged from bankruptcy (you must tell them when this happens) or 5 years from the date you fully repay the overdue loan amount.

If you have a home loan, we'll ask for your consent to share previous home loan data with CRAs.

 



This notice will apply for as long as we store your data.  We'll send you the latest version at least once a year.  If we use your data for a new purpose, we'll get your consent.