HSBC Privacy Principles
The Hongkong and Shanghai Banking Corporation Limited ("we", "us" "our") builds its business on trust between our customers and ourselves. To preserve the confidentiality of all personal data you provide to us, we maintain the following privacy principles:
1. We only collect personal data that we believe to be relevant and required to understand your financial needs and to conduct our business.
2. We use your personal data to provide you with better customer services and products.
3. We may pass your personal data to other members of the HSBC Group or our respective agents, as permitted by law.
4. We will not disclose your personal data to any external organisation unless we (i) have your consent or (ii) are required by law or (iii) have previously informed you.
5. We may be required from time to time to disclose your personal data to governmental or judicial bodies or agencies or our regulators, but we will only do so under proper authority.
6. We aim to keep your personal data on our records accurate and up-to-date.
7. We maintain strict security systems designed to prevent unauthorised access to your personal data by anyone, including our staff.
8. All members of the HSBC Group, all our staff and all third parties with permitted access to your personal data are specifically required to observe our confidentiality obligations.
By maintaining our commitment to these principles, we at HSBC will ensure that we respect the inherent trust that you place in us.
Your Privacy Matters to Us
This section provides specific details of how we treat any personal data you provide us when you visit this website (this "Site") / HSBC HK Mobile Banking app (this "app").
- Security is our top priority. We will strive at all times to ensure that your personal data will be protected against unauthorised or accidental access, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data.
- The secure area of this Site/app supports the use of 128-bit Transport Layer Security ("TLS") encryption technology an industry standard for encryption over the Internet to protect data. When you provide sensitive information such as credit card details, it will be automatically converted into codes before being securely dispatched over the Internet.
- Our web servers are protected behind "firewalls" and our systems are monitored to prevent any unauthorised access.
- We will not send personal data to you by ordinary email. As the security of ordinary email cannot be guaranteed, you should only send email to us using the secure email facility on this Site/app for general enquiry.
We will take all practical steps to ensure that personal data will not be kept longer than necessary and that we will comply with all statutory and regulatory requirements in the Hong Kong Special Administrative Region concerning the retention of personal data.
- Both you and us play an important role in safeguarding against online fraud.
- We endeavour to put in place high standards of security to protect your interests.
- You should be careful that your account details (including your username and password) are not compromised. You should ensure that you do not knowingly or accidentally share, provide or facilitate unauthorised use of such details. Do not share your username or password or allow access or use of your username or password by others.
- For those who use this app, you should make sure you keep your mobile telephone or tablet and the security details you use to log onto this app safe and secure. You must let us know as soon as possible if these are lost or stolen. If you choose to activate the feature that allows you to use your biometric credentials to log onto this app (for supported devices only), you should ensure that only your biometric credentials are registered on the device. You may be responsible for unauthorized payments made from your accounts if you have not kept your mobile telephone or tablet and your security details safe, and have not followed the security precautions that we advise you to undertake from time to time, or if the biometric credentials registered on the device are not your own and you have activated such authentication method on the device.
- You should safeguard your username and password and keep them secret and confidential. Never write them down. We will never ask you for your password given that you should be the only person who knows it.
- When choosing your username and password, do not use easily identifiable information such as your birthday, telephone number or a recognisable part of your name.
- If you think your username or password has been disclosed to another person, is lost or stolen or an unauthorised transaction has been conducted, you are responsible for informing us immediately.
- If, in the unlikely event, an unauthorised transaction has been conducted through your account through no fraud, fault or negligence on your part, we will see that you are covered for your direct loss up to the full amount of the unauthorised transaction.
- You must not use this app and the Mobile Security Key feature on any device or operating system that has been modified outside the mobile device or operating system vendor supported or warranted configurations. This includes devices that have been "jail-broken" or "rooted". A jail broken or rooted device means one that has been freed from the limitations imposed on it by your mobile service provider and the phone manufacturer without their approval. The use of this app and the Mobile Security Key feature on a jail broken or rooted device may compromise security and lead to fraudulent transactions. Download and use of this app and the Mobile Security Key feature in a jail broken or rooted device is entirely at your own risk and the Bank will not be liable for any losses or any other consequences suffered or incurred by you as a result.
- You should only download this app and its updates from official supplying app store and not from any unofficial sources.
- We may record your visit to this Site/app for analysing the number of visitors to this Site/app, general usage patterns and your personal usage patterns and improving your experience. We may gather some of this information through the use of "cookies". Cookies are small bits of information that are automatically stored on your web browser in your computer , mobile phone or other device for accessing the Internet ("device") that can be retrieved by this Site/app. Cookies are useful because they allow us to recognise your device and they store information about your use of this Site/app, thus enabling us to provide more useful features to you, to tailor the content of our website and mobile applications to suit your interests and, where permitted by your marketing preferences, provide you with promotional materials or direct marketing based on your usage patterns. We will be able to access the information stored on the cookies and record how you use this Site/app. Most browsers are initially set to accept cookies.
- If you accept cookies during your use of this Site or continue to use this app, you will be acknowledging that your information is being collected, stored, accessed and used as outlined above.
- If you are an user of this app, please note that we store and access software on your device to aid security, maintain the connection to our system, allow us to monitor how this app is being used, and save your preferences. The purpose of these cookies is set out below:
Native-app Identify the version of the app
Device type Identify the device type of app including the version of device and the model of device
Device ID Identify the device unique user ID
- We may also work with third parties to research certain usage and activities on this Site/app for us. These third party research agencies include Doubleclick, Yahoo!, Facebook, Nielsen//NetRatings, Webtrends and Adobe. They use technologies such as cookies, spotlight monitoring and web beacons to collect information for this research. They use the information collected through such technologies (i) to find out more about users of this Site/app, including user demographics and behaviour and usage patterns, (ii) for more accurate reporting and (iii) to improve the effectiveness of our marketing. They aggregate the information collected and then share it with us. As part of the information that we share with them, we may share your advertising identifier and "installation event" (which means the data in relation to when you first install or use this Site/app). No personally identifiable information about you is collected or shared by third party research agencies, including Doubleclick, Yahoo!, Facebook, Nielsen//NetRatings, Webtrends and Adobe with us as a result of this research. Should you wish to disable the cookies associated with such technologies, you may change the setting on your browser. However, you may not be able to enter certain parts of this Site, including HSBC Internet Banking.
- Doubleclick's website at www.doubleclick.net and/or
- Yahoo!'s website at http://privacy.yahoo.com/privacy/us/pixels/details.html and/or
- Facebook’s website at https://www.facebook.com/legal/FB_Work_Cookies and/or
- Nielsen//NetRatings website at http://www.netratings.com/privacy.jsp?section=leg_scs and/or
- WebTrends' website at http://ondemand.webtrends.com/privacypolicy.asp#PSFV and/or
- Adobe’s website at http://www.adobe.com/hk_en/privacy/policy.html
- Occasionally we may collect personal data from you when you visit this Site/app or when you participate in a contest or promotion (whether online, over the telephone or at one of our branches). We only collect personal data from you if you voluntarily provide it to us. We may use your personal data to inform you of products, services and other marketing materials which we think may be of interest to you. We or our external research agencies may also invite you to participate in market research and surveys and other similar activities.
- You can choose to receive marketing and other promotional materials by email and you may opt out from receiving these materials at any time.
- If at any time you would like us to stop sending you direct mailings, please contact our representatives by calling:
(852) 2233 3322 for HSBC Premier customers
(852) 2748 8333 for HSBC Advance customers
(852) 2233 3000 for other customers
We will then, at no cost to you, act on your request within 30 days and ensure not to include you in future direct marketing promotions.
- If we do ask you to provide your personal data, we will always specify the purposes for which such personal data is collected and ensure that it is only used for the purposes specified at the time of collection.
1Notice Relating to the Personal Data (Privacy) Ordinance (the 'Ordinance')
This Notice is served by The Hongkong and Shanghai Banking Corporation Limited ("we", "us", "our", including our successors and assigns) in accordance with the Personal Data (Privacy) Ordinance of the Hong Kong Special Administrative Region. It is intended to notify you why personal data is collected, how it will be used and to whom data access requests are to be addressed.
Collection of Data
(a) We may collect the data of customers and other individuals in connection with the purposes set out in this Notice. These customers and other individuals may include the following or any of them (collectively "you", "your"):
- applicants for banking or financial services;
- persons giving or proposing to give guarantees or security for obligations owed to us;
- persons linked to a customer or an applicant that is not an individual, including the beneficial owners and officers of that customer or applicant, or in the case of a trust, including the trustees, settlors, protectors and beneficiaries of the trust; and
- other persons who are relevant to a customer’s relationship with us.
(b) If the data requested by us is not provided, we may be unable to provide (or continue to provide) products or services to you or to the relevant customer or applicant linked to you.
(c) Data may be:
(i) collected from you directly, from someone acting on your behalf or from another source; and
(ii) combined with other data available to members of the HSBC Group ("HSBC Group" and any "member of the HSBC Group" means HSBC Holdings plc and/or its affiliates, subsidiaries, associated entities and any of their branches and offices).
Use of Data
(d) We will use data for the following purposes or any of them (which may vary depending on the nature of your relationship with us):
(i) considering and processing applications for products and services and the daily operation of products and services (including credit facilities provided to you or the relevant customer linked to you);
(ii) conducting credit checks whenever appropriate (including upon an application for consumer credit (including mortgage loans) and when we review credit which normally takes place one or more times each year);
(iii) creating and maintaining our credit and risk related models;
(iv) assisting other financial institutions to conduct credit checks and collect debts;
(v) ensuring your ongoing credit worthiness and good standing;
(vi) designing financial products and services (including insurance, credit card, securities, commodities, investment, banking and related products and services) for your use;
(vii) marketing products, services and other subjects as described in paragraph (f) below;
(viii) determining the amount of indebtedness owed to or by you;
(ix) exercising our rights under contracts with you, including collecting amounts outstanding from you;
(x) meeting our obligations, requirements or arrangements or those of any member of the HSBC Group, whether compulsory or voluntary, to comply with or in connection with:
(1) any law, regulation, judgment, court order, voluntary code, sanctions regime, within or outside the Hong Kong Special Administrative Region ("Hong Kong") existing currently and in the future ("Laws") (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
(2) any guidelines, guidance or requests given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently and in the future (e.g. guidelines, guidance or requests given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information) and any international guidance, internal policies or procedures;
(3) any present or future contractual or other commitment with local or foreign legal, regulatory, judicial, administrative, public or law enforcement body, or governmental, tax, revenue, monetary, securities or futures exchange, court, central bank or other authorities, or self-regulatory or industry bodies or associations of financial service providers or any of their agents with jurisdiction over all or any part of the HSBC Group (together the "Authorities" and each an "Authority") that is assumed by, imposed on or applicable to us or any member of the HSBC Group; or
(4) any agreement or treaty between Authorities;
(xi) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the HSBC Group and/or any other use of data and information in accordance with any programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
(xii) conducting any action to meet our obligations or those of any member of the HSBC Group to comply with Laws or international guidance or regulatory requests relating to or in connection with the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or any acts or attempts to circumvent or violate any Laws relating to these matters;
(xiii) meeting our obligations or those of any member of the HSBC Group to comply with any demand or request from the Authorities;
(xiv) enabling actual or proposed assignee(s) of all or any part of our business and/or assets, or participant(s) or sub-participant(s) of our rights in respect of you to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation and enabling the actual assignee(s) to use your data in the operation of the business or rights assigned; and
(xv) any other purposes relating to the purposes listed above.
Disclosure of Data
(e) Data held by us or a member of the HSBC Group will be kept confidential but we or a member of the HSBC Group may provide data to the following parties or any of them (whether within or outside Hong Kong) for the purposes set out in paragraph (d) above:
(i) any agents, contractors, sub-contractors or associates of the HSBC Group (including their employees, officers, agents, contractors, service providers and professional advisers);
(ii) any third party service providers who provide services to us or any member of the HSBC Group in connection with the operation or maintenance of our business (including their employees and officers);
(iii) any Authorities;
(iv) any persons under a duty of confidentiality to us or a member of the HSBC Group which have undertaken to keep such data confidential;
(v) the drawee bank providing a copy of a paid cheque (which may contain data about the payee) to the drawer;
(vi) any persons acting on your behalf whose data are provided, payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by us or any member of the HSBC Group) or any persons making any payment into a customer's account;
(vii) credit reference agencies, and, in the event of default, to debt collection agencies;
(viii) any persons to whom we are or any member of the HSBC Group is under an obligation or required or expected to make disclosure for the purposes set out in, or in connection with, paragraph (d)(x), (d)(xi) or (d)(xii) above;
(ix) any actual or proposed assignee(s) of ours or participant(s) or sub-participant(s) or transferee(s) of our rights in respect of you;
(x) any persons giving or proposing to give a guarantee or security to guarantee or secure your obligations to us; and
(xi) (1) any member of the HSBC Group;
(2) third party financial institutions, insurers, credit card companies, securities and investment services providers;
(3) third party reward, loyalty, co-branding and privileges programme providers;
(4) co-branding partners of ours or any member of the HSBC Group (the names of such co-branding partners will be provided during the application process for the relevant products and services, as the case may be);
(5) charitable or non-profit making organisations; and
(6) external service providers that we or any member of the HSBC Group engage(s) for the purposes set out in paragraph (d)(vii) above.
Such data may be transferred in and to a place outside Hong Kong.
Provision of Data to Credit Reference Agencies (CRA) and Debt Collection Agencies
A. We may provide the following data relating to you (whether in sole name or joint names with others) to a CRA:
i. full name;
ii. capacity in respect of each mortgage (as borrower, mortgagor or guarantor);
iii. Hong Kong Identity Card Number or travel document number or certificate of incorporation number;
iv. date of birth or date of incorporation;
v. correspondence address;
vi. mortgage account number in respect of each mortgage;
vii. type of the facility in respect of each mortgage;
viii. mortgage account status in respect of each mortgage (e.g. active, closed, write-off); and
ix. if any, mortgage account closed date in respect of each mortgage.
The CRA will use the above data for the purposes of compiling a count of the number of mortgages from time to time held by you (as borrower, mortgagor or guarantor, whether in sole name or joint names with others) for sharing in the consumer credit database of the CRA by credit providers.
B. You can instruct us to make a request to the relevant CRA to delete from its database any account data relating to any credit that has been terminated by full repayment provided that there has not been, within five (5) years immediately before such termination, a default in payment under the credit for a period in excess of sixty (60) days according to our records.
C. If there is any default in payment, unless the amount in default is fully repaid or written off (other than due to bankruptcy order) before the expiry of sixty (60) days from the date of default, your account repayment data may be retained by the CRA until the expiry of five (5) years from the date of final settlement of the amount in default.
D. In the event of any amount being written off due to a bankruptcy order being made against you, the CRA may retain your account repayment data until the earlier of (i) the expiry of five (5) years from the date of final settlement of the amount in default, or (ii) the expiry of five (5) years from the date of your discharge from bankruptcy as notified to the CRA by you with evidence.
E. For the purposes of paragraphs C and D above, account repayment data are the amount last due, amount of payment made during the last reporting period, remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in material default (that is, default in payment for a period in excess of sixty (60) days) (if any)).
Use of Data in Direct Marketing
(f) Where you are a customer, we intend to use your data in direct marketing and we require your consent (which includes an indication of no objection) for that purpose. Please note that:
(i) your name, contact details, products and other service portfolio information, transaction pattern and behaviour, financial background and demographic data held by us from time to time may be used by us in direct marketing;
(ii) the following classes of products, services and subjects may be marketed:
(1) financial, insurance, credit card, banking and related products and services;
(2) reward, loyalty, co-branding or privileges programmes and related products and services;
(3) products and services offered by our co-branding partners (the names of such co-branding partners will be provided during the application for the relevant products and services, as the case may be); and
(4) donations and contributions for charitable and/or non-profit making purposes;
(iii) the above products, services and subjects may be provided by or (in the case of donations and contributions) solicited by us and/or:
(1) any member of the HSBC Group;
(2) third party financial institutions, insurers, credit card companies, securities and investment services providers;
(3) third party reward, loyalty, co-branding or privileges programme providers;
(4) co-branding partners of ours or any member of the HSBC Group (the names of such co-branding partners will be provided during the application of the relevant products and services, as the case may be); and
(5) charitable or non-profit making organisations;
(iv) in addition to marketing the above products, services and subjects ourselves, we may provide the data described in paragraph (f)(i) above to all or any of the persons described in paragraph (f)(iii) above for use by them in marketing those products, services and subjects, and we require your written consent (which includes an indication of no objection) for that purpose; and
(v) we may receive money or other property in return for providing the data to the other persons in paragraph (f)(iv) above and, when requesting your consent or no objection as described in paragraph (f)(iv) above, we will inform you if we will receive any money or other property in return for providing the data to the other persons.
If you do not wish us to use or provide to other persons your data for use in direct marketing as described above, you may exercise your opt-out right by notifying us.
Provision of Another Person's Data
(g) Where you provide to us data about another person, you should give to that person a copy of this Notice and, in particular, tell him/her how we may use his/her data.
Data Access Requests
(h) You have the right:
(i) to check whether we hold data about you and to access such data;
(ii) to require us to correct any data relating to you which is inaccurate;
(iii) to ascertain our policies and practices in relation to data and to be informed of the kind of data held by us; and
(iv) in relation to consumer credit, to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency.
(i) In accordance with the provisions of the Ordinance, we have the right to charge a reasonable fee for the processing of any data access request.
(j) You should send requests for access to data or correction of data or for information regarding policies and practices and kinds of data held to:
The Data Protection Officer
The Hongkong and Shanghai Banking Corporation Limited
PO Box 72677
Kowloon Central Post Office
(k) We may have obtained a credit report on you from a credit reference agency in considering any application for credit. In the event you wish to access the credit report, we will advise the contact details of the relevant credit reference agency.
(l) Nothing in this Notice shall limit your rights as a data subject under the Ordinance.
Note: In case of discrepancies between the English and Chinese versions, the English version shall apply and prevail.
IMPORTANT: By accessing this Site/app and any of its pages you are agreeing to the terms set out above. Thank you for choosing HSBC.
1You may be subject to an earlier version of this Notice (known as Notice to Customers relating to the Personal Data (Privacy) Ordinance) if you have not consented to subsequent changes to the earlier notice.
Yahoo! is trademark and/or registered trademarks of Yahoo! Inc. in the U.S.
Facebook is a registered trademark of Facebook Inc. in the United States and other countries.
Nielsen and Netratings are trademarks of The Nielsen Company (US), LLC. registered in the US.
"Adobe" is either registered trademark or trademark of Adobe Systems Incorporated in the United States and/or other countries.
Doubleclick is a trademark of Google Inc.
Webtrends is a trademark of Webtrends, Inc.