This notice (Privacy Notice) is provided in the context of the banking relationship existing between you and us and in relation to the Services we provide you and covers the processing of Corporate Data and Personal Data (as defined below) and applies to information processed by members of the HSBC Group as data controllers, as described below.
This Privacy Notice explains what information we collect about you, or individuals such as Connected Individual(s), how we’ll use that information, who we’ll share it with, the circumstances when we’ll share it and what steps we’ll take to make sure it stays private and secure.
Where we provide you with separate or further information about how we collect and use your information for particular products or services, that information will also apply.
This Privacy Notice should also be read alongside your banking terms and conditions, as these also include terms and conditions relating to the use and disclosure of information.
Some of the links on our websites lead to other HSBC or non-HSBC websites with their own privacy and information protection policies, which may be different to this notice. You’ll need to make sure you’re happy with their privacy notices when using other sites.
You must direct any individuals whose Personal Data we may collect and process, including Connected Individuals, to this Privacy Notice and make sure they are aware, prior to providing their Personal Data to us or our obtaining their Personal Data, that we are using their Personal Data as described. You should also draw their attention to the section on their rights.
Whenever we use the term “you” or “your” or “customer”, this means your business and “Corporate Data” means data pertaining to your business, to include, but not limited to, information relating to your financial status, corporate activity, payment transactions.
Wherever we use the term “Connected Individual”, this means individual(s) connected to your business and could be any guarantor, a director or officer of a company, partners or members of a partnership, any substantial owner, controlling person, or beneficial owner, trustee, settlor or protector of a trust, account holder of a designated account, recipient of a designated payment, your attorney or representative, agent or nominee, or any other persons or entities with whom you have a relationship that's relevant to your relationship with the HSBC Group.
Wherever we use the term “Personal Data”, this means any personal information allowing the identification of individuals such as Connected Individuals, including but not limited to name, previous names, postal address, e-mail address, telephone number, gender, date and place of birth, passport ID, other photo ID, signatures and nationality.
Wherever we use the term “Data”, this refers collectively to Corporate Data and Personal Data.
Wherever we use the term “we” or “our” “us”, we mean HSBC Group companies which act as a data controller in respect of your personal data. Unless otherwise stated below, the data controller for the purposes of this notice will be HSBC Continental Europe, Ireland.
We’ll only collect Data in line with relevant regulations and law. We may collect it from a range of sources. Some of it will come directly from you or from others, such as Connected Individual(s), we may generate some of it or obtain it from publicly available sources. The information we collect may include:
Personal Data of individuals(including Connected Individual(s)) that may be provided by you or on your behalf, e.g.:
Information we collect or generate about you or others (including Connected Individual(s)) may include:
Information we collect from other sources may include:
We will process your Data only where we have a lawful reason to do so. For Personal Data, these reasons include where:
In particular, where we have a lawful basis for doing so, Data may be processed, used and stored by us and/or by third parties for the following purposes:
In addition, in case of failure to supply any Data required by law or under a contract and reasonably requested by HSBC, we may refuse to provide the Services you have requested or we may stop providing existing Services to you.
See Appendix for further details of how we will use your Data.
Compliance with laws and regulatory compliance obligations
We’ll use your Data to meet our compliance obligations, to comply with other laws and regulations and to share with regulators and other authorities that HSBC Group companies are subject to. This may include using it to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We’ll only do this on the basis that it’s needed to comply with a legal obligation or it’s in our legitimate interests and that of others.
Marketing and market research
We may use Data for marketing purposes. We may send you marketing messages in different ways (e.g. post, email, online and mobile banking or secure e-messages) with information about our products and services. We will ask for your permission if required, and you can change your mind on how you receive marketing messages or if you choose to stop receiving them at any time.
If you, or anyone whose Personal Data we hold, ask us not to send you marketing materials, it may take us a short period of time to update our systems and records to reflect your request, during which time you may continue to receive marketing messages.
We may use your Data for market research and to identify trends. Market research agencies acting on our behalf may get in touch with you by post, telephone, email or other methods of communication to invite you to take part in research. Any responses that you provide whilst participating in market research will be reported back to us anonymously unless you give us permission for your details to be shared.
Tracking or recording what you or individuals connected to your business say or do
We may record and keep track of conversations you or anyone who acts on your behalf, including Connected Individual(s), have with us – including phone calls, face-to-face meetings, letters, emails, live chats, video chats and any other kinds of messaging. We use these recordings to check your instructions to us, assess, analyse and improve our service, train our people, manage risk or to prevent and detect fraud and other crimes. We may capture telephone numbers that you call us from and information about the devices or software that you use.
Fraud Prevention Checks
We will carry out fraud prevention checks which may include the use of relevant software, systems and agencies for the purposes of preventing fraud and money laundering, and to verify your identity , before we provide services, goods or financing to you.
These checks also require us to process the Data we hold for you.
The Data you provide or which we have collected from you, or received from third parties will be used to carry out these checks in order to prevent fraud and money laundering, and to verify the identity of the Individual(s) connected to your business. In addition, we may need to process Data of third party companies which are connected to you for the same purpose.
We may share your Data for the above purposes to the following data recipients:
Personal Data may be transferred to and stored in locations outside the European Economic Area (EEA), including in countries that may not have the same level of protection. When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer Personal Data in this way to perform our contract with you, to fulfil a legal obligation, to protect the public interest and/or for legitimate business interests.
In some countries the law might compel us to share certain information, e.g. with tax authorities. Even in these cases, we will only share your information with people who have the right to see it.
You can obtain more details of the protection given to Personal Data when it is transferred outside the EEA by contacting us.
We may share aggregated or anonymised information outside of HSBC Group with partners such as research groups, universities or advertisers. For example, we may share such information publicly to show trends about the general use of our services. However, you won’t be able to be individually identified from this information.
We keep your information in line with our data retention policy. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise.
We may need to retain Data for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes, e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc.
If we don’t need to retain Personal Data information for this period of time, we may destroy, delete or anonymise it more promptly.
Individuals whose Personal Data we process, including Connected Individuals, have a number of rights in relation to their Personal Data. These rights include:
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and credit you have requested or we may stop providing existing products and services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services to you.
You are responsible for making sure the Data you give us is accurate and up to date, and you must tell us if anything changes as soon as possible. For Personal Data, you’ll need to direct relevant individuals to this notice and make sure they understand how we use their information as described in it prior to providing their Personal Data to us, or our obtaining their Personal Data from other sources. You should also draw their attention to the section on their rights.
We use internal technical and organisational measures to keep your Data safe and secure which may include encryption, and other forms of security measures. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
For the purposes of this privacy notice the Data Controller is HSBC Continental Europe, Ireland, with registered office in Ireland at 1 Grand Canal Square, Grand Canal Harbour, Dublin 2.
If you would like further information on any of the information above, or to contact our Data Protection Officer, write to The Data Protection Office, HSBC Continental Europe, Ireland, 1 Grand Canal Square, Grand Canal Harbour, Dublin 2.
This Privacy Notice may be updated from time to time and the most recent version can be found online at http://www.business.hsbc.ie/en-gb/ie/generic/GDPR.
“Authorities” includes any judicial, administrative, public or regulatory body, any government, any Tax Authority, securities or futures exchange, court, central bank or law enforcement body, or any of their agents, with jurisdiction over any part of the HSBC Group.
“Compliance Obligations” means obligations of the HSBC Group to comply with: (a) Laws, or international guidance and internal policies or procedures, (b) any demand and/or requests from Authorities or reporting, regulatory trade reporting, disclosure or other obligations under Laws, and (c) Laws requiring HSBC to verify the identity of our customers.
“Financial Crime Risk Management Activity” means any action that HSBC, and members of the HSBC Group, are required, and may take as they consider appropriate in their sole and absolute discretion, to meet Compliance Obligations in connection with the direction, investigation and prevention of Financial Crime, including but not limited to: (a) screening, intercepting and investigating any instruction, communication, drawdown request, application for Services, or any payment sent to or by you or on your behalf, (b) investigating the source of or intended recipient of funds, (c) combining Personal Data with other related information in the possession of the HSBC Group, and/or (d) making further enquiries as to the status of a person or entity, whether they are subject to a sanction regime, or confirming your identity and status.
“Financial Crime” means money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, and/or violations, or acts or attempts to circumvent or violate any Laws relating to these matters.
“Laws” means any applicable local or foreign statute, law, regulation, ordinance, rule, judgement, decree, voluntary code, directive, sanctions regime, court order, agreement between any member of the HSBC Group and an Authority, or agreement or treaty between Authorities and applicable to HSBC or a member of the HSBC Group.
“Services” includes, without limitation, (a) the opening, maintaining and closing of your bank accounts, (b) providing you with credit facilities and other banking or investment products and services (including, for example, securities dealing, investment advisory, broker, agency, custodian, clearing or technology procuring services), processing applications, ancillary credit assessment and product eligibility assessment, and (c) the maintenance of HSBC’s overall relationship with you, including promoting financial services or related products to you , market research, insurance, audit and administrative purposes.
“Tax Authorities” means domestic or foreign tax, revenue, fiscal or monetary authorities.
This appendix sets out purposes we may use Data for. It also sets out the processing condition we apply when processing Personal Data about individuals related to you, including Connected Individuals, for these purposes.