Before we begin

When does this Privacy Notice apply

Rights of individuals

How do we collect information relating to your and individuals connected to your business?

What information we collect

How we'll use your information and information of Related Parties

Credit references checks, fraud and money laundering

Who we might share your information with

How long we'll keep your information

Transferring your information overseas

How we keep your information secure

What we need from you

How to contact us

This notice (Privacy Notice) applies to information about you and, where applicable, individuals connected to your business, held by HSBC Bank plc and members of the HSBC Group as data controllers, as described below. It explains what information we collect about you and individuals connected to your business, how we’ll use that information, who we’ll share it with and in what circumstances. It also explains what steps we’ll take to make sure the information stays private and secure. We may need to retain your information even after we cease providing relevant banking, insurance or other products to you or your business, either to provide other products and services you continue to use or because we will retain your information in accordance with our legal and regulatory requirements. In those circumstances this Privacy Notice will continue to apply. It should also be read alongside the personal banking, business banking or insurance terms and conditions which apply to your or your business’ products and services, as these include sections relating to the use and disclosure of information.

When we say ‘we’, we mean HSBC Group companies which act as a data controller in respect of your personal data. Unless otherwise stated below, the data controller for the purposes of this notice will be HSBC Bank plc, a company incorporated in England and Wales, and operating in the Channel Islands and Isle of Man through locally regulated branches. HSBC Bank plc’s registered office is at 8 Canada Square, London E14 5HQ, United Kingdom.

The address for HSBC Bank plc (Jersey Branch) set out in this notice is HSBC House, Esplanade, St Helier, Jersey JE1 1HS, Channel Islands; for HSBC Bank plc (Guernsey Branch) it is Arnold House, St Julian’s Avenue, St Peter Port, Guernsey GY1 3NF, Channel Islands; and for HSBC Bank plc (Isle of Man Branch) it is HSBC House, Ridgeway St, Douglas IM1 2SG, Isle of Man. If you’d like to get in touch with us, you can also find contact details in the ‘How to contact us’ section.

This Privacy Notice applies to you if you are a ‘Customer’ or a Related Party of a Customer (explained below), that is, you apply for, are now, or have in the past applied for or been our customer in relation to any of our personal or business banking products or services including savings, loans, credit cards, mortgages, payment services, investments or insurance.

It will also apply to you if your personal data is or has been provided to us in relation to a Customer, which includes corporate entities and other business structures banking with us. It will further apply if you have a relationship with other parts of the HSBC Group, though separate privacy notices might apply for these relationships. The other HSBC Group entities will provide you with their privacy notices as necessary.

This privacy notice could also apply where you are or were an individual related to a business, an authorised signatory on a Customer account, you undertake banking or deals on behalf of a Customer (for example only, you are a company director, business employee, administrator, partner, officer, company secretary, trustee, executor or are an attorney under a Power of Attorney or a guardian under a Court of Protection Order or equivalent) or are an authorised signatory of those parties or a member or shareholder, beneficial owner, agent or nominee of a trust or corporate entity (all being “Related Parties”). 

In this Privacy Notice we have referred to both Customers and Related Parties as 'You’ or ‘Your’. If there is a material difference between how we treat Customers and Related Parties, we have made this clear.

Please note that for the most part, this Privacy Notice only applies to natural persons, meaning individuals (including sole traders or partners in a traditional partnership), not corporate entities. If you are a Related Party of a corporate business banking customer and you share information about other individuals with us, you must first ensure that you have a legitimate interest, lawful reasons or the agreement of these individuals. You should also ensure that you have provided these individuals with a copy of this Privacy Notice so they can understand how their information will be processed by HSBC and their rights in relation to this.

If you are an insurance customer, it also means you, named insurers or beneficiaries under your policy, dependents, claimants and other third parties involved in an insurance policy or claim (such as witnesses).

As well as this Privacy Notice, where you are a Customer, there is certain information about how we use information provided to us in your terms and conditions. Please note that the type of information we collect and the purposes for which we process it can differ depending on whether you are a Customer or Related Party.

If you apply for certain other products and services, you may be provided with a separate or supplemental privacy notice. Some of the links on our websites lead to other HSBC or non-HSBC websites with their own privacy notices, which may be different from this notice. You’ll need to make sure you’re happy with their privacy notices when using those other sites.

If you're browsing our website, you can read our Website Privacy Notice.

Individuals have a number of rights in relation to the information that we hold about them. If you are an individual (as opposed to a legal entity), these rights include:

Individuals (including Related Party individuals and individuals connected to your business) can exercise their rights by contacting us using the details set out in the ‘How to contact us’ section. Please note that specific requirements may apply to these rights.

We only collect information in line with relevant laws and regulations. We collect information from various sources and it may relate to any of our products or services.

• Some information will come directly from you. We collect information from you when you interact with us (for example when you visit our websites or mobile channels, complete application forms or answer questions online or in branch, speak with us in person or on the phone about any of our products or services)
• Other information we collect or generate about you (for example when we meet or speak with you or, in certain circumstances, with the use of technology, for example through the use of cookies on our websites or mobile channels, when mobile services or ATMs identify your location or by applying technology to assist us in identifying transactions that are usual or unusual for your accounts)
• Further information can come from other sources (for example from the public domain or from parties you have asked us to contact e.g. your financial advisor, broker or mortgage intermediary. Other HSBC companies may also hold information about you which we may gather. For insurance customers, the insurance company which provides the insurance policies will likewise supply information and there are checks or searches of publicly available information, and information services which allows us to undertake checks to help combat fraud, money laundering and other criminal offences
• If you are a Related Party we will also collect information about you from the Customer you are related to. The type of information we collect differs depending on how we’re given it or the products that you hold

We will collect, store or use personal information of the following types from you or Related Parties.

Cookies are small pieces of data that websites store on your browser when you visit them. Cookies allow a website to recognise your visit and collect information about how you use that website. We may also use cookies and similar technologies elsewhere, such is within our email communications, to understand how you interact with them.

Our cookie policy contains more details about how we use cookies and can be found at https://www.expat.hsbc.com/cookie-notice/.

• Information regarding your family members or other third parties who might be covered by or benefit from your insurance policy or be financially dependent on you
• Information which is relevant to your insurance policy, including details of previous policies and claims history. This will depend on the type of policy that you have with us
• Lifestyle information. For example, if you apply for a life insurance policy, we may ask for details such as your status as a smoker and alcohol consumption
• Details about your physical or mental health which are relevant to your insurance policy or claim. For example, if you make a claim, we may ask for medical information which relates to your claim
• Details about your criminal convictions or related information. This will include information relating to alleged offences
• Any other information which is relevant to a claim that you make
• Information relating to your insurance application where you apply for a policy via a comparison website or aggregator
• Information from other parties involved in your insurance policy or claim

• Information about the device the app is installed on, for instance the device identification number, information about the status of your internet connection and whether your device is awake or locked

We’ll only use information on you or Related Parties where we have consent or have another lawful reason for doing it. Such reasons include:

• We need to pursue our legitimate interests
• We need to process the information to carry out an agreement we have with you
• We need to comply with a legal or regulatory obligation
• We reasonably believe that processing the information is in the public interest (e.g. for the purpose of preventing or detecting financial crime)

The reasons we use your information or information of Related Parties are set out in the table below:

We may use automated systems to help us make decisions, e.g. when you apply for products and services, to make credit decisions and to carry out fraud and money laundering checks. We may use technology that helps us identify the level of risk involved in customer or account activity, e.g. for credit, fraud or financial crime reasons, or to identify if someone else is using your card without your permission.

If you are an insurance customer, we may use automated decisions to determine whether or not we can offer you insurance and at what price. We may base our decision on factors such as health, lifestyle and occupational information, as well as the level of cover being requested.

You may have a right to certain information about how we make these decisions. You may also have a right to request human intervention and to challenge the decision.

To help keep you and your money safe, we will generally record details of your interactions with us. We may also record and track conversations you have with us.

We may also get extra information about these interactions. For example, telephone numbers that you call us from and information about the devices or software that you use. We use closed circuit television (CCTV) in and around our offices and branches. These may collect photos or videos of you or record your voice.

Our websites, apps, email communications and other digital products may also track and record your interactions with them to help:

• Keep you safe
• Provide or improve services and features
• Keep our services secure
• Make your visit more personal
• Support our marketing

Some tracking is optional. For more details, please refer to our relevant website or app privacy notices and cookies notices.

We’ll use your and Related Parties’ information to meet our compliance obligations, to comply with laws and regulations, and to share with regulators and other authorities that HSBC Group companies are subject to. This may include using it to help detect or prevent crime (including terrorism financing, money laundering, tax evasion, proliferation financing and other financial crimes). We’ll only do this on the basis that it’s needed to comply with a legal obligation, it’s in our legitimate interests and that of others, or to prevent or detect unlawful acts.

We may use your and Related Parties’ information to provide you with details about HSBC products and services, and also products and services from our partners and other relevant third parties. We may send you marketing messages by post, email, telephone, text or secure messages.

You can change your mind on how you receive marketing messages or choose to stop receiving them at any time. To make that change, please contact us in the usual way. If you ask us not to send you marketing, it may take us a short period of time to update our systems and records to reflect your request, during which time you may continue to receive marketing messages. Even if you tell us not to send you marketing messages, we’ll continue to use your contact details to provide you with important service information, such as changes to your terms and conditions or if we need to tell you something to comply with our regulatory obligations.

We may use your information for market research and to identify trends. Market research agencies acting on our behalf may get in touch with you by post, telephone, email or other methods of communication to invite you to take part in research. We won’t invite you to take part in research using a communication method if you’ve asked us not to get in touch that way. Any responses that you provide while participating in market research will be reported back to us anonymously, unless you give us permission for the relevant details to be shared.

If you apply for new products or services (including credit such as a mortgage, loan or credit card), we may perform credit and identity checks on you or Related Parties with one or more credit reference agencies (CRAs). When you use our banking services, we may also make periodic searches at CRAs to manage your account with us.

To do this, we’ll supply your personal information to CRAs and they’ll give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply us with both public (including the electoral register) and shared credit information, financial situation, history and fraud prevention information.

We may use this information to:

• Assess if we can offer you credit and whether you can afford to take the product you applied for
• Verify the accuracy of the data you’ve provided to us
• Prevent criminal activity, fraud and money laundering
• Manage your account(s)
• Trace and recover debts
• Assess how you’ve managed credit with us in the past, if you haven’t kept up with your payments or paid off an amount you owe us (unless there’s a genuine dispute over how much you owe us), or if you’ve agreed and stuck to a repayment plan
• Ensure any offers provided to you are appropriate to your circumstances

We’ll continue to exchange information about you with CRAs while you have a relationship with us. We’ll also inform the CRAs about your repayment history. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

When CRAs receive a search request from us, they’ll place a search footprint on your credit file that may be seen by other lenders. If you apply for a bank account or credit (such as where you apply for a mortgage, loan or credit card), we’ll get details of your credit history from a CRA (and share information about you with the CRA) and use this information to work out how much you can afford to borrow or pay back. We may also carry out further credit checks on you while you’re a customer to maintain an accurate and up-to-date record of your credit history. We may use this information to verify the accuracy of the information you’ve provided to us, prevent criminal activity, fraud and money laundering, manage your account(s), trace and recover debts, and ensure any offers provided to you are appropriate to your circumstances.

If you’re making a joint application, or tell us that you have a spouse or financial associate, we’ll link your records together. You should discuss this with them, and share this information with them before submitting the application. CRAs will also link your records together and these links will remain on your and their files until you or your partner successfully files for a disassociation with the CRAs to break that link.

To find out more about the CRAs and how they manage your information, please visit each agency directly. The CRAs have created a joint document called the Credit Reference Agency Information Notice (CRAIN) which is available from each of the three CRAs websites. Going to any of these three links will also take you to the same CRAIN document.

TransUnion – transunion.co.uk/crain

Equifax – equifax.co.uk/crain

Experian – experian.co.uk/crain

We’ll carry out checks with fraud prevention agencies for the purposes of preventing fraud and money laundering, and to verify your or Related Parties’ identity before we provide products and services to you. These checks require us and these agencies to process personal information about you.

The information you provide or which we’ve collected from you, or received from third parties, will be used to carry out these checks in order to prevent fraud and money laundering, and to verify your identity. We’ll process relevant information, such as your name, address, date of birth, contact details, financial information, employment details, and device identifiers e.g. IP address.

We and fraud prevention agencies may also enable law enforcement agencies to access and use relevant personal data to detect, investigate and prevent crime. We process your personal data on the basis that we have a legal obligation and legitimate interest in preventing fraud and money laundering and to verify your identity. This enables us to protect our business and to comply with laws that apply to us. This processing is also a contractual requirement of any of our products or services you use.

Fraud prevention agencies can hold your personal data for different periods of time. If they’re concerned about a possible fraud or money laundering risk, this data can be held by them for up to six years.

If we, or a fraud prevention agency, have reason to believe there’s a fraud or money laundering risk, we may refuse to provide the services and credit you’ve requested. We may also stop providing existing products and services to you. A record of any fraud or
money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services to you. The information we hold about you could make it easier or harder for you to get credit in the future.

To find out more about credit and fraud checks including our fraud prevention agencies and how they manage your information, read our ‘Guide to Credit Scoring, Credit Reference and Fraud Prevention Agencies’ leaflet. You can get it from our website, in any of our branches or you can request a paper copy by contacting us in your preferred way. To find out about CIFAS’ fraud databases and how CIFAS manage your information please visit www.cifas.org.uk/fpn.

We may share your and Related Parties’ information with others where lawful to do so, including where we or they:

• Need to in order to provide you with products or services you’ve requested, e.g. fulfilling a payment request
• Need to in order to provide you with your insurance policy or to administer your claim
• Have a public or legal duty to do so, e.g. to assist with detecting and preventing fraud, proliferation financing, tax evasion and financial crime
• Need to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests
• Have a legitimate business reason for doing so, e.g. to manage risk, verify your identity, enable another company to provide you with services you’ve requested, or assess your suitability for products and services
• Have asked you for your permission to share it, and you or the Related Parties (as the case may be) have agreed

The information that we share will depend on the purpose for which we share it.

We may also share your or Related Parties’ information with others, including (but not limited to):

• Other HSBC Group companies and any sub-contractors, agents or service providers who work for us or provide services to us or other HSBC Group companies (including their employees, sub-contractors, service providers, directors and officers)
• Any trustees, beneficiaries, administrators or executors
• People who give guarantees or other security for any amounts you owe us
• People you make payments to and receive payments from
• Your beneficiaries or intermediaries or any other person you have authorised us to share your information with or to take instructions from such as Related Parties or any joint account holders or joint customer or your advisers (such as solicitors, accountants or financial advisers)
• Any party to an agreement or transaction you, or people you have authorised, instruct us to undertake. This would include payment recipients in respect of bank transfers, the company or investment vehicle we make an investment in for you or the insurer who provides the insurance policy we take out for you
• Any parties we are authorised to make transfers of information to under a contract or agreement we have with you, or, where you are a Related Party, a contract we have with the Customer that you are a Related Party for. This may include fund managers, investment managers or advisers or asset managers where we advise on or manage investments, or asset managers, guarantors or other security or joint obligors where you or the Customer to whom you are related has a loan with us
• Any parties who reasonably need information to conclude those agreements or transactions we are instructed to undertake or we undertake in accordance with our contracts or agreements with you or the Customer you are related to. This would include market counterparties, any companies you hold securities in through us (e.g. stocks, bonds or options), any banks, card processing or payment processors, correspondent and agent banks in relation to any bank payments or transfers, any clearing houses, clearing or settlement systems, fund managers, investment managers, administrators or registrars involved in approving or confirming any investment we make on your behalf
• If our relationship arises out of an insurance policy or claim, insurers, intermediaries and administrators in respect of the policy, parties who are involved in assessing or processing any claim under the policy such as loss adjusters, claims handlers, private investigators, experts and our advisers and, where relevant, medical experts and rehabilitation providers
• Other financial institutions, lenders and holders of security over any property you charge to us, tax authorities, insolvency practitioners, trade associations, credit reference agencies, payment service providers and debt recovery agents
• Any fund managers who provide asset management services to you and any brokers who introduce you to us or deal with us for you
• Any entity that has an interest in the products or services that we provide to you, including if they take on the risk related to them
• To the credit reference agencies and fraud prevention agencies as set out in this privacy notice and to law enforcement, government, courts, dispute resolution bodies, parties to relevant disputes, tax authorities, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities
• Any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you
• Law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities
• Other parties involved in any disputes, including disputed transactions
• Fraud prevention agencies who’ll also use it to detect and prevent fraud and other financial crime and to verify your identity
• Anyone who provides instructions or operates any of your accounts, products or services on your behalf, e.g. Power of Attorney, solicitors, intermediaries, etc
• Anybody else that we’ve been instructed to share your information with by either you, a joint account holder or anybody else who provides instructions or operates any of your accounts on your behalf
• Our card processing supplier(s) to carry out credit, fraud and risk checks, process your payments, issue and manage your card
• If our relationship arises out of an insurance policy or claim, we will also share your information with:
  • Insurers and underwriters so they can provide you with a quote or cover (for further details, please refer to your insurance policy documentation. You can also refer to www.business.ciiom.hsbc.com for more information)
  • Other parties involved in providing your insurance policy, such as the intermediary or the insurer who provides your policy
  • Third parties involved in the administration of the relevant insurance policy or claim, including loss adjusters, claims handlers, private investigators, experts and our advisers
  • (Where relevant), medical experts and rehabilitation providers

When we advertise our products and services on the internet, we may share your information with our advertising partners. For example, when we use social media for marketing, your information may be shared with the social media platforms so they can check if you hold an account with them.

• If you do, they may use your information for:
• Sending our adverts to you, if we think that you might be interested in a new service that we offer
• Excluding you from receiving our adverts, if the advert is for a service you already use
• Advertising to people who have a similar profile to you. If we discover that one of our services is particularly useful to people with similar interests to the ones on your social media profile, we may ask our advertising partner or the social media network to send our adverts for that service to people who share your interests

You can contact us if you don’t wish us to share your personal data for online advertising. For more information, see “Rights of individuals”.

Social media platforms also allow you to indicate your preferences to them about the advertising you receive on their platforms. Please contact your social media platforms for more information.

We may share aggregated or anonymised information, within and outside of the HSBC Group, with partners such as research groups, universities or advertisers. For instance, we may share information about general spending trends in the Channel Islands and Isle of Man to help in research.

We keep your information in line with our data retention policy. For example, we’ll normally keep your core banking data for a period of ten years from the end of our relationship with you. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes, such as managing your account and dealing with any disputes or concerns that may arise.

We may need to retain your information for a longer period, where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes, e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc.

If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.

Note that when you receive products or devices from third parties who HSBC has introduced you to, those third parties may keep your or Related Parties’ information in line with additional terms and conditions applicable to their products or services.

Your or Related Parties’ information may be transferred to and stored in locations outside of the Channel Islands, Isle of Man and the European Economic Area (EEA), including countries that may not have the same level of protection for personal information as CIIOM and the EEA do.

When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests. In some countries the law might compel us to share certain information, e.g. with tax authorities. Even in these cases, we’ll only share your information with people who have the right to see it.

You can obtain more details of the protection given to your information when it’s transferred outside the Channel Islands, Isle of Man and the EEA by contacting us using the details in the ‘How to contact us’ section.

You’re responsible for making sure the information you or Related Parties give us is accurate and up to date, and you must tell us if anything changes as soon as possible. The obligation to keep us updated is generally on the Customer, so if you are a customer and something changes with one of your Related Parties, you need to let us know at once.

You or Related Parties can obtain further information on anything we’ve said in this Privacy Notice by contacting us using the following methods:

• Send us a secure message in online banking
• By phone:
  Private Bank customers: +44 1534 616 160
  Premier customers: +44 1534 616 313
  Advance customers: +44 1534 616 212
  Hong Kong residents (local call rate): +852 2822 3133
• Write to HSBC Expat, HSBC House, Esplanade, St Helier, Jersey, JE1 1HS Channel Islands