PRIVACY AND SECURITY POLICY
Please click here to view the Personal Information Collection Statement for HSBC Mandatory Provident Fund.
Please see below for HSBC's policy on Privacy and Security for business customers.
HSBC's Privacy Principles
Our business has been built on trust between our customers and ourselves. To preserve the confidentiality of all information you provide to us, we maintain the following privacy principles:
- We only collect personal information that we believe to be relevant and required to understand your financial needs and to conduct our business.
- We may use, transfer and disclose personal information in connection with purposes set out in the Notice Relating to the Personal Data (Privacy) Ordinance (the “Notice”) below (the “Purposes”).
- We may pass personal information to other HSBC Group companies or agents or other recipients set out in the Notice, as necessary and appropriate for the Purposes.
- We will not disclose personal information to anyone unless we have your consent or are required by law or public duty or have previously informed you or have legitimate business purposes that require disclosure.
- We may be required from time to time to disclose personal information to Governmental or judicial bodies or agencies or our regulators, but we will only do so under proper authority.
- We aim to keep personal information on our records accurate and up-to-date.
- We maintain strict security systems designed to prevent unauthorised access to personal information by anyone, including our staff.
- All HSBC Group companies, all our staff and all third parties with permitted access to personal information are specifically required to observe our confidentiality obligations.
By maintaining our commitment to these principles, we at HSBC will ensure that we respect the inherent trust that you place in us.
Your Privacy Matters to Us
This section provides specific details of how we treat any personal information you might wish to provide us when you visit this site.
- Security is our top priority. The Hongkong and Shanghai Banking Corporation Limited ('the Bank') will strive at all times to ensure that your personal data will be protected against unauthorised or accidental access, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data.
- The secure area of our website supports the use of 128-bit Secure Socket Layer (SSL) encryption technology - an industry standard for encryption over the Internet to protect data. When you provide sensitive information such as credit card details, it will be automatically converted into codes before being securely dispatched over the Internet.
- Our web servers are protected behind "firewalls" and our systems are monitored to prevent any unauthorised access. We will not send personal information to you by ordinary email. As the security of ordinary email cannot be guaranteed, you should only send email to us using the secure email facility on our website.
All practical steps will be taken to ensure that personal data will not be kept longer than necessary and that the Bank will comply with all statutory and regulatory requirements in the Hong Kong Special Administrative Region concerning the retention of personally identifiable information.
- Both you and HSBC play an important role in protecting against online fraud. You should be careful that your bank account details including your User ID and/or Password are not compromised by ensuring that you do not knowingly or accidentally share, provide or facilitate unauthorised use of it. Do not share your User ID and/or password or allow access or use of it by others. We endeavor to put in place high standards of security to protect your interests. If, in the unlikely event, unauthorised transactions have been conducted through your account through no fraud, fault or negligence on your part, we will see that you are covered for your direct loss up to the full amount of the unauthorised transaction.
- You should safeguard your unique User ID and Password by keeping it secret and confidential. Never write them down or share these details with anyone. HSBC will never ask you for your Internet Banking Password, in order to ensure that you are the only person who knows this information. When choosing your unique User ID and Password for the first time, do not create it using easily identifiable information such as your birthday, telephone number or a recognisable part of your name. If you think your User ID and/or password has been disclosed to a third party, is lost or stolen and unauthorised transactions may have been conducted, you are responsible to inform us immediately.
Collection of Personal Information
Your visit to this site may be recorded for analysis on the number of visitors to the site and general usage patterns. Some of this information will be gathered through the use of "cookies". Cookies are small bits of information that are automatically stored on a person's web browser in their computer that can be retrieved by this site. Cookies can make the site more useful by storing information about your preferences on particular sites, thus enabling website owners to provide more useful features for their users. The information collected by "cookies" is anonymous aggregated research data, and contain no name or address information or any information that will enable anyone to contact you via telephone, e-mail or any other means. Most browsers are initially set to accept cookies. If you would prefer, you can set your browser to disable cookies or inform you when they are set. However, by disabling them, you may not be able to take full advantage of our website, including HSBC Internet Banking.
HSBC may also work with third parties (such as Doubleclick, Yahoo!, Nielsen//NetRatings and WebTrends) to research certain usage and activities on parts of our web site on our behalf. Doubleclick, Yahoo!, Nielsen//NetRatings and WebTrends use technologies such as spotlight monitoring, web beacons and "cookies" etc to conduct this research. The information collected through technologies such as cookies, spotlight tags and web beacons etc are used to find out more about our users, including user demographics and behaviour and usage patterns, for more accurate reporting and to improve the effectiveness of our marketing. Information recorded through the use of these devices are aggregated and then shared with us. No personally identifiable information about you is collected or shared by Doubleclick, Yahoo!, Nielsen//NetRatings and WebTrends with HSBC as a result of this research. Should you wish to disable the cookies associated with these technologies such as spotlight tags and/or web beacons etc, you may do so by changing the setting on your browser. However, you may not be able to enter certain part(s) of our website, including HSBC Internet Banking.
- Marketing Promotions
Occasionally we may collect personal information from visitors to this site and those individuals that participate in a contest or promotion (online or over the telephone,or at one of our branches). Such information is only collected from individuals who voluntarily provide us with their personal information. We may use this information to advise them of products, services and other marketing materials, which we think, may be of interest to them. We may also invite visitors to this site to participate in market research and surveys and other similar activities.
You can choose to receive marketing and other promotional materials by email. If you do receive email or promotional direct mailings, you will always have an opportunity to opt-out.
If at any time you would like us to cease sending you direct mailings, please contact our Customer Service Hotline on (852) 2748 8288. We will then, at no cost to you, act on your request within 30 days and ensure that you are not included in future direct marketing promotions.
If we do ask you to provide personal information, we will always specify the purpose for which such personal information is collected and ensure that it is only used for the purpose specified at the time of collection.
*NOTICE RELATING TO THE PERSONAL DATA (PRIVACY) ORDINANCE (THE "ORDINANCE")
This Statement is made by The Hongkong and Shanghai Banking Corporation Limited ('the Bank') in accordance with the Personal Data (Privacy) Ordinance of the Hong Kong Special Administrative Region ('the Ordinance'). The Statement is intended to notify you why personal data is collected, how it will be used and to whom data access requests are to be addressed
- From time to time, it is necessary for individuals to supply the Bank with data in connection with the opening or continuation of accounts and the establishment or continuation of banking facilities or provision of banking services or compliance with any laws, guidelines or requests issued by regulatory or other authorities.
- Failure to supply such data may result in the Bank being unable to open or continue accounts or establish or continue banking facilities or provide banking services.
- It is also the case that data are collected from (i) customers in the ordinary course of the continuation of the banking relationship (for example, when customers write cheques, deposit money or apply for credit), (ii) a person acting on behalf of the individual whose data are provided, and (iii) other sources (for example, information obtained from credit reference agencies). Data may also be generated or combined with other information available to the Bank or any member of the HSBC Group ("HSBC Group" means HSBC Holdings plc, its affiliates, subsidiaries, associated entities and any of their branches and offices (together or individually) and "member of the HSBC Group" has the same meaning).
The purposes for which data may be used are as follows:
- considering applications for products and services and the daily operation of products, services and credit facilities provided to customers;
- conducting credit checks (including without limitation upon an application for consumer credit (including mortgage loans) and upon periodic or special reviews of the credit which normally will take place one or more times each year);
creating and maintaining the Bank's credit and risk related models;
assisting other financial institutions to conduct credit checks and collect debts;
ensuring ongoing credit worthiness of customers;
designing financial services or related products for customers' use;
- marketing services, products and other subjects as described in (f) below;
determining the amount of indebtedness owed to or by customers;
collecting of amounts outstanding from customers and those providing security for customers' obligations;
meeting obligations, requirements or arrangements, whether compulsory or voluntary, of the Bank or any of its branches or any member of the HSBC Group to comply with, or in connection with:
- any law, regulation, judgment, court order, voluntary code, sanctions regime, within or outside the Hong Kong Special Administrative Region ("Hong Kong") existing currently and in the future ("Laws") (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
any guidelines, guidance or requests given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently and in the future (e.g. guidelines, guidance or requests given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information) and any international guidance, internal policies or procedures;
any present or future contractual or other commitment with local or foreign legal, regulatory, judicial, administrative, public or law enforcement body, or governmental, tax, revenue, monetary, securities or futures exchange, court, central bank or other authorities, or self-regulatory or industry bodies or associations of financial service providers or any of their agents with jurisdiction over all or any part of the HSBC Group (together the "Authorities" and each an "Authority") that is assumed by, imposed on or applicable to the Bank or any of its branches or any member of the HSBC Group; or
any agreement or treaty between Authorities;
complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the HSBC Group and/or any other use of data and information in accordance with any programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
conducting any action to meet obligations of the Bank or any member of the HSBC Group to comply with Laws or international guidance or regulatory requests relating to or in connection with the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or any acts or attempts to circumvent or violate any Laws relating to these matters;
meeting any obligations of the Bank or any member of the HSBC Group to comply with any demand or request from the Authorities;
enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank's rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
purposes relating thereto.
Data held by the Bank or a member of the HSBC Group relating to an individual will be kept confidential but the Bank or a member of the HSBC Group may provide such information to the following parties (whether within or outside Hong Kong) for the purposes set out in paragraph (d):
- any agents, contractors, sub-contractors, service providers or associates of the HSBC Group (including their employees, directors, officers, agents, contractors, service providers, and professional advisers);
- any third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Bank in connection with the operation of its business (including their employees, directors and officers);
- any Authorities;
- any person under a duty of confidentiality to the Bank including a member of the HSBC Group which has undertaken to keep such information confidential;
- the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
- any persons acting on behalf of an individual whose data are provided, payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which the customer has an interest in securities (where such securities are held by the Bank or any member of the HSBC Group) or a person making any payment into the customer's account;
- credit reference agencies, and, in the event of default, to debt collection agencies;
- any person to whom the Bank or any of its branches or any member of the HSBC Group is under an obligation or required or expected to make disclosure for the purposes set out in, or in connection with, paragraph (d)(x), (d)(xi) or (d)(xii);
- any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank's rights in respect of the customer; and
- any member of the HSBC Group;
- third party financial institutions, insurers, credit card companies, securities and investment services providers;
- third party reward, loyalty, co-branding and privileges programme providers;
- co-branding partners of the Bank or any member of the HSBC Group (the names of such co-branding partners will be provided during the application process for the relevant services and products, as the case may be);
- charitable or non-profit making organisations; and
- external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph (d) (vii).
Such information may be transferred to a place outside Hong Kong.
In connection with paragraph (vii) above,
- of all the data which may be collected or held by the Bank from time to time in connection with mortgages, the following data relating to the customer (including any updated data of any of the following data) may be provided by the Bank, or on its behalf and/or as agent, to the credit reference agency:
- full name;
- capacity in respect of each mortgage (as borrower, mortgagor or guarantor);
- Hong Kong Identity Card Number or travel document number or certificate of incorporation number;
- date of birth or date of incorporation;
- correspondence address;
- mortgage account number in respect of each mortgage;
- type of the facility in respect of each mortgage;
- mortgage account status in respect of each mortgage (e.g. active, closed, write-off); and
- if any, mortgage account closed date in respect of each mortgage.
The credit reference agency will use the above data supplied by the Bank for the purposes of compiling a count of the number of mortgages from time to time held by the customer (as borrower, mortgagor or guarantor respectively, whether in sole name or joint names with others) for sharing in the consumer credit database of the credit reference agency by credit providers; and
- before the right referred to in (g) (v) below may be exercised, ( I ) in the event of any default in payment, unless the amount in default is fully repaid or written off (otherwise than due to a bankruptcy order) before the expiry of 60 days as measured by the Bank from the date such default occurred, the customer is liable to have his account repayment data retained by the credit reference agency at least until the expiry of five years from the date of final settlement of the amount in default and ( II ) in the event of any amount being written off due to a bankruptcy order being made against the customer, the customer is liable to have his account repayment data retained by the credit reference agency, regardless of whether the account repayment data reveal any material default, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the customer with evidence to the credit reference agency, whichever is earlier. Account repayment data include amount last due, amount of payment made during the last reporting period, remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in material default (if any)). Material default is a default in payment for a period in excess of 60 days.
- Use of Data in Direct Marketing
The Bank intends to use a customer's data in direct marketing and the Bank requires the customer's consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
- the name, contact details, products and other service portfolio information, transaction pattern and behaviour, financial background and demographic data of a customer held by the Bank from time to time may be used by the Bank in direct marketing;
- the following classes of services, products and subjects may be marketed:
- financial, insurance, credit card, banking and related services and products;
- reward, loyalty, co-branding or privileges programmes and related services and products;
- services and products offered by the Bank’s co-branding partners (the names of such co-branding partners will be provided during the application for the relevant services and products, as the case may be); and
- donations and contributions for charitable and/or non-profit making purposes;
- the above services, products and subjects may be provided by or (in the case of donations and contributions) solicited by the Bank and/or:
- any member of the HSBC Group;
- third party financial institutions, insurers, credit card companies, securities and investment services providers;
- third party reward, loyalty, co-branding or privileges programme providers;
- co-branding partners of the Bank and the HSBC Group (the names of such co-branding partners will be provided during the application of the relevant services and products, as the case may be); and
- charitable or non-profit making organisations;
- in addition to marketing the above services, products and subjects itself, the Bank also intends to provide the data described in paragraph (f)(i) above to all or any of the persons described in paragraph (f)(iii) above for use by them in marketing those services, products and subjects, and the Bank requires the customer's written consent (which includes an indication of no objection) for that purpose;
- the Bank may receive money or other property in return for providing the data to the other persons in paragraph (f)(iv) above and, when requesting the customer's consent or no objection as described in paragraph (f)(iv) above, the Bank will inform the customer if it will receive any money or other property in return for providing the data to the other persons.
If a customer does not wish the Bank to use or provide to other persons his data for use in direct marketing as described above, the customer may exercise his opt-out right by notifying the Bank.
- Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any individual has the right:
- to check whether the Bank holds data about him and of access to such data;
- to require the Bank to correct any data relating to him which is inaccurate;
- to ascertain the Bank's policies and practices in relation to data and to be informed of the kind of personal data held by the Bank;
- in relation to consumer credit, to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
- upon satisfactory termination of the credit by full repayment and on condition that there has been, within five years immediately before such termination, no material default under the credit as determined by the Bank, to instruct the Bank to make a request to the relevant credit reference agency to delete from its database any account data relating to the terminated credit.
- In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.
- The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed as follows:
The Data Protection Officer
The Hongkong and Shanghai Banking Corporation Limited
PO Box 72677
Kowloon Central Post Office
- The Bank may have obtained a credit report on the customer from a credit reference agency in considering any application for credit. In the event the customer wishes to access the credit report, the Bank will advise the contact details of the relevant credit reference agency.
- Nothing in this Notice shall limit the rights of customers under the Ordinance.
Personal Information Collection Statement for HSBC Mandatory Provident Fund
- The personal data provided by Participating Employers and/or Members and details of transactions or dealings by such Participating Employers and/or Members from time to time may be used for one or more of the following purposes: - (i) the administration and/or management of or in connection with the contributions or accrued benefits or MPF account in respect of the Participating Employers and/or Members under the HSBC MPF schemes and Hang Seng MPF schemes administered by the HSBC Group; (ii) conducting direct marketing activities of MPF products and/or MPF services by entities of the HSBC Group as described in paragraph 5 below; (iii) improving and furthering the provision of MPF products and/or MPF services (including through customer research or surveys) by entities of the HSBC Group, subject to applicable MPF legislation; (iv) matching for MPF related purpose with other personal data concerning the relevant Participating Employers and/or Members; (v) compliance or in accordance with an order of a court or compliance or in accordance with a law or a requirement made under a law.
- Failure to provide your information may result in us being unable to process your application or perform the services you request.
- Personal data held by us relating to a Participating Employer and/or Member will be kept confidential but such information may be provided by us or any of our service providers to the following parties for the purposes set out in paragraph 1:- (i) any regulators or government authorities in any jurisdiction; (ii) any service provider, agent or contractor who provides administrative, telecommunications, computer, payment, data processing, matching, storage, customer research or survey or other services in connection with the operation of our MPF business; (iii) relevant Participating Employers; (iv) entities of the HSBC Group. Such information may be transferred to a place outside Hong Kong Special Administrative Region.
- You have the right to request access to and correction of your personal data held by us. Request should be addressed to: The Data Protection Officer, HSBC Provident Fund Trustee (Hong Kong) Limited, c/o HSBC Life (International) Limited, PO Box 73770, Kowloon Central Post Office.
For enquiries, please contact our MPF Hotline at (852) 2583 8033 (Employer) or (852) 3128 0128 (Member).
- We, entities of the HSBC Group, intend to use your personal data in direct marketing of MPF products and/or MPF services, and we require your consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
(i) your name, contact details, other products and services portfolio information, transaction pattern and behaviour, financial background and demographic data held by us from time to time may be used in direct marketing; and
(ii) the MPF products and/or MPF services offered by entities of the HSBC Group may be marketed.
If you do not wish us to use your personal data in direct marketing as described in paragraph 5 above, you may exercise your opt-out right by notifying us.
- No person other than you and us will have any right under the Contracts (Rights of Third Parties) Ordinance to enforce or enjoy the benefit of any of the provisions of these Terms and Conditions.
Note: In case of discrepancies between the English and Chinese versions, the English version shall apply and prevail.