Before we begin
This notice (Privacy Notice) is provided in the context of the banking relationship existing between you and us and in relation to the Services we provide you and covers the processing of Corporate Data and Personal Data (as defined below) and applies to information processed by members of the HSBC Group as data controllers, as described below.
This Privacy Notice explains what information we collect about you, or individuals such as Connected Individual(s), how we’ll use that information, who we’ll share it with, the circumstances when we’ll share it and what steps we’ll take to make sure it stays private and secure.
Where we provide you with separate or further information about how we collect and use your information for particular products or services, that information will also apply.
This Privacy Notice should also be read alongside your banking terms and conditions, as these also include terms and conditions relating to the use and disclosure of information.
Some of the links on our websites lead to other HSBC or non-HSBC websites with their own privacy and information protection policies, which may be different to this notice. You’ll need to make sure you’re happy with their privacy notices when using other sites.
You must direct any individuals whose Personal Data we may collect and process, including Connected Individuals, to this Privacy Notice and make sure they are aware, prior to providing their Personal Data to us or our obtaining their Personal Data, that we are using their Personal Data as described. You should also draw their attention to the section on their rights.
Whenever we use the term “you” or “your” or “customer”, this means your business and “Corporate Data” means data pertaining to your business, to include, but not limited to, information relating to your financial status, corporate activity, payment transactions.
Wherever we use the term “Connected Individual”, this means individual(s) connected to your business and could be any guarantor, a director or officer of a company, partners or members of a partnership, any substantial owner, controlling person, or beneficial owner, trustee, settlor or protector of a trust, account holder of a designated account, recipient of a designated payment, authoriser of a designated payment, your attorney or representative, agent or nominee, or any other persons or entities with whom you have a relationship that's relevant to your relationship with the HSBC Group.
Wherever we use the term “Personal Data”, this means any personal information allowing the identification of individuals such as Connected Individuals, including but not limited to name, previous names, postal address, e-mail address, telephone number, gender, date and place of birth, passport ID, other photo ID, template signatures and nationality.
Wherever we use the term “Data”, this refers collectively to Corporate Data and Personal Data.
Wherever we use the term “we” or “our” “us”, we mean HSBC Group companies which act as a data controller in respect of your personal data. Unless otherwise stated below, the data controller for the purposes of this notice will be HSBC Continental Europe, Belgium.
What Data we collect
We’ll only collect Data in line with relevant regulations and law. We may collect it from a range of sources. Some of it will come directly from you or from others, such as Connected Individual(s), we may generate some of it or obtain it from publicly available sources. The information we collect may include:
Personal Data of individuals(including Connected Individual(s)) that may be provided by you or on your behalf, e.g.:
- personal details, e.g. name, previous names, gender, date and place of birth, photo ID, passport information, national Insurance number, national ID card and nationality;
- contact details, e.g. address, email address, landline and mobile numbers;
- market research, e.g. information and opinions expressed when participating in market research;
- user login and subscription data, e.g. login credentials for phone and online banking;
- information we use to identify and authenticate individuals who act on your behalf (e.g. their template signatures, biometric information, additional information that we receive from external sources for authentication that we need for compliance purposes).
Information we collect or generate about you or others (including Connected Individual(s)) may include:
- your financial information and information about your relationship with us, including the products and services you hold, the channels you use, your ability to get and manage your credit, your payment history, transactions records, market trades, payments into your accounts and information concerning complaints and disputes;
- information included in customer documentation;
- records about executed transactions (e.g. payment order), payment information including full beneficiary name, address and details of the underlying transaction and information about products offered;
- marketing and sales information, such as details of the services you receive and your preferences;
- credit risk ratings and risk identification information, predicted transactional behaviour, customer due diligence and periodic review results, financial crime risk management rating, external intelligence reports, screening alerts;
- investigations data, e.g. due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among you, us and other organisations or individuals, including emails, voicemail, live chat;
- records of correspondence and other communications between us, including with individuals who act on your behalf;
- information relating to complaints, including disputes / litigation (legal case and matter information including legal strategy, document production, deposition and court transcripts);
- information that we need to support our regulatory obligations, e.g. information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you.
Information we collect from other sources may include:
- information you have asked us to collect for you, e.g. information about your accounts or holdings with other companies including transaction information;
- information from third party providers, e.g. information that helps us to combat fraud (including your communications between organisations, prospects and other stakeholders acquired from companies that collect combined information);
- information relating to third party companies connected to you such as affiliates, their activity and business.