HSBC Privacy Policy
To preserve the confidentiality of all information you provide to us, we have adopted the following privacy policy.
HSBC is bound by the National Privacy Principles under the Privacy Act 1988 (Cth) (the “Privacy Act”), our existing obligations of confidentiality to you and all other applicable privacy laws, guidelines and codes nationally.
All members of the HSBC Group take privacy seriously and are committed to observing applicable national and international privacy policies and information handling practices.
The HSBC Group is comprised of all its offices, branches, holding companies, subsidiaries, affiliates and any other entity in respect of which HSBC Holdings plc owns (directly or indirectly) 50% or more of the issued voting share capital or stock.
The list of current entities that make up the HSBC Group may be found on the website HSBC maintains at www.hsbc.com.au or such other website as is notified by HSBC (the “Website”).
Account holders or those people and entities applying to open an Account with us are referred to in this Privacy Policy as “you”.
By maintaining our commitment to this policy, we at HSBC will ensure that we respect the inherent trust that you place in us.
We only collect information that we believe to be relevant and required to understand your financial needs and to conduct our business.
We collect the personal information we need to provide products and services we offer, which includes a broad range of credit, deposit, insurance and other financial products. We also collect personal information about our customers and suppliers, or employees or officers of our customers and suppliers, so that we can complete business transactions, purchase products and services, administer accounts, provide customer support, to meet regulatory requirements and to further develop and research our products and services.
Where you have a business, company or other legal entity such as a trust structure or partnership, we may collect personal information about directors, company secretaries, trustees and anyone else permitted to act on the entity’s behalf.
Where practicable, we will collect personal information directly from the individual concerned. Sometimes we will collect it from a third party, such as a financial adviser, a broker, a family member, an associate, a credit-reporting agency, a data matching organisation or from a publicly available source such as a company or land title office. The type of information we collect, and where we get it from, will depend on the product or service you or your organisation has applied for.
If you deal with us by telephone it is possible your call may be monitored or recorded. The purpose of doing this will depend on which part of our business you are dealing with. We may record or monitor your call for training, quality, verification and authentication purposes.
If we perform an identification check on, or obtain an identification reference for, an individual who is to become a signatory on an account with us, we are doing so to comply with the Anti Money Laundering and Counter Terrorist Financing Act 2007 (Cth).
If you are under 18 years of age and wish to use our products and services, we may collect your personal information from a parent or guardian who will provide the consent to use and disclose your personal information.
We use your information to provide you with better customer services and products.
We will use and disclose personal information we hold about you for the main purpose for which we have collected the information (for example, if you apply through us for an insurance policy we will disclose the information on the application to the insurer). We will also use and disclose the personal information for a secondary purpose related to that main purpose where the individual would reasonably expect us to do so (for example we may disclose to a printer which prints the cheques we issue to access a savings account). Otherwise, we will keep personal information confidential unless:
- you agree - this can be express agreement (for example, where you sign a form or click on a button electronically); or
- implied agreement (where your conduct suggests you agree or you do not inform us that you do not agree when we offer you that opportunity); or
- we are required or allowed by law to make the disclosure (for example, to comply with anti-money laundering and counter - terrorist financing laws or where we receive a court order, are served with a subpoena, or receive government agency requests including but not limited to taxation or Centrelink requests).
We also use personal information for planning, product development, to research purposes and to seek feedback on our products and services, to build peer/group profiling to enable HSBC to compare your account behaviour with peer groups such as age group, account type, and to detect fraud or money laundering or terrorist finance activities.
We may pass your information to other HSBC Group companies or agents, as permitted by law
Where we outsource our functions to HSBC Group members, contractors or agents, it may be necessary for members of the entities to which we outsource to access your personal information to continue to provide products and services to you. HSBC Group members, contractors and agents will be bound to adhere to the relevant privacy handling legislation, policies and practices in relation to the use or disclosure of your personal information. These HSBC Group members, contractors or agents will be both overseas and locally based.
If any personal information we need is not available, or not provided, we may not be able to provide the relevant product or service.
We will not disclose your information to any external organisation unless we have your consent or are required by law or have previously informed you.
The sorts of organisations outside the HSBC Group to which we typically disclose personal information include the following lists below. This is not a complete list -there will be others which are less common or which you have been told, or will be told, about when you applied or apply for the relevant product or service.
Where you apply for or take out a loan or some other form of credit
- credit reporting agencies for the purpose of obtaining a credit report;
- mortgage insurers and re-insurers of mortgage insurance;
- merchant retailers - if you apply for credit to enable you to make a purchase
- mortgage brokers – where you apply for credit through a mortgage broker;
- debt collection agencies - if you do not meet your payment obligations;
- guarantors - for those customers whose credit is guaranteed or who propose someone should guarantee their obligations;
- insurance companies and possibly also insurance brokers and agents - if you take out insurance in connection with a loan, or finance the payment of an insurance premium;
- other people who have an interest in any property offered to HSBC as security;
- organisations acquiring an interest in your loan or credit account or involved in managing our corporate risk and funding functions (for example, organisations involved in securitisation);
If we issue a deposit power bond, at your request, in connection with a purchase of a property - the vendor of the property;
- the insurance company or guarantor on whose behalf we issue the bond; and
- credit providers.
Other
- service providers to HSBC for example mailing houses, planning services, product development, research purposes, cheque processors, printers, lawyers, auditors, receivers and liquidators (these organisations are required to keep the personal information we give them confidential and use it only for our purposes);
- alliance partners for example, where you have a cobranded product such as the HSBC American Express card;
- a financial planner, financial adviser, broker, agent or accountant - if you are introduced to us by, or apply to us through, them or if you authorise or request us to disclose information to them;
- if you apply for an investment through our financial planning business, if you authorise someone else to operate your account (including an additional cardholder on a credit card account), that person;
- if you use the Bank@Post™ service or you undertake a 100 point identification check at a post office, Australia Post;
- payment system operators and participants in payment systems;
- if you have an account with another financial institution and you use one of our automatic teller machines, that other financial institution;
- where we decide to securitize loans; and
- where we decide to sell or merge aspects of our business or where we acquire new businesses
We may be required from time to time to disclose your information to Governmental or judicial bodies or agencies or our regulators, but we will only do so under proper authority.
- Personal information may be used and disclosed for prudential, risk management and corporate governance purposes.
We aim to keep your information up-to-date.
- We rely on the personal information we hold about you in conducting our business. Therefore, it is important that the information we hold about you is accurate, complete and up-to-date. This means that from time-to-time we may ask you to tell us if there are any changes to your personal information. If you find that information we hold about you is incorrect, please contact us immediately.
- Generally, HSBC allows individuals access to the information it holds about them within a reasonable time after they have made a written request for access. In some instances, HSBC will refuse to give an individual access to requested information. If it does so it will provide that individual with the reason it has refused them access.
- We may also decide to provide you with limited information. If we do so, we will let you know why your request has been limited. This may be because the process you are asking about is commercially sensitive or the request is vexatious or frivolous.
HSBC will correct information it has about you if it discovers, or you are able to show, the information is incorrect. If you seek a correction and HSBC disagrees that the information is incorrect, HSBC will provide you with its reasons for taking that view. HSBC may charge a fee for informing an individual what information it has about them. This fee will be charged to cover HSBC’s reasonable costs in locating and supplying the information.
How to gain access to your Personal Information
You may request access to a limited amount of your personal information such as checking your current address by telephone or in one of our branches. For more substantial requests such as details recorded on your personal loan or credit card we will ask you to complete and sign our Request for Access to Personal Information Form and mail it to:
The Privacy Officer
HSBC Bank Australia Limited
GPO Box 5302
Sydney NSW 2001
Phone: 1300 308 008
Following the receipt of your requests, our Privacy Officer will be in contact and provide you with an estimate of the charge and confirm whether you wish to proceed with accessing your information.
Responding to your request
We will attempt to resolve your concerns within 14 days. However, where the matter is complex, we will write to you and advise you that we will attempt to resolve the matter within 30 days.
Joint information
Where you have a joint account with an individual or a number of individuals we will permit access to the account details and the operation or conduct of the account but will not provide you access to the other individual’s personal information unless the person you have the joint account with has provided their consent or the law or a court order requires us to.
We maintain strict security systems designed to prevent unauthorised access to your information by anyone, including our staff.
The security of your information is important to HSBC and we take all reasonable precautions to protect your information from misuse, loss, unauthorised access, modification or disclosure.
All Group companies, all our staff and all third parties with permitted access to your information are specifically required to observe our confidentiality obligations.
Some of the ways we protect your information include but are not limited to:
- security of external and internal premises;
- restricting access to personal information to employees who need it to perform their day-to-day functions;
- providing employee training in relation to privacy and confidentiality;
- data encryption technology and firewalls;
- maintaining technology to prevent unauthorised computer access including identifiers and passwords; and
- maintaining physical security over paper records. We also will de-identify your personal information where possible to ensure your anonymity and securely destroy your information where it is no longer needed for any purpose and after any regulatory timeframes for holding your information, have expired.
Do not access Internet Banking from computer terminals which are shared with other users (e.g. Internet cafes), as it is difficult to ensure these PCs are free of hacker programmes (someone might be able to access your personal/account information).
Website collection
When using the public area of our website, you are not required to provide us with any personal information if you do not wish to do so and we do not monitor or collect personally identifiable information from you on your use of the public sections of the website. We may track the number of users who visit areas of the website, but this tracking will not identify you, unless you use cookies. For more information about why we use cookies, please go to the section ‘Our use of cookies’. We may also record the location of your computer on the Internet for systems administration and trouble shooting purposes and to report aggregate information.
However, we will collect personal information if you commence or submit an application on-line, or otherwise knowingly provide us with personal information. We also collect personal information once you are in the secure section of our site (for example when you use it to make transactions or enquiries).
Our use of cookies
Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes and which allow us to provide you with customised services. Cookies can make the web more useful by storing information about your preferences on particular sites, thus enabling website owners to provide more useful features for their users. They can also help us provide information which is targeted to your interests. Cookies contain no name or address information or any information that will enable anyone to contact you via telephone, e-mail or any other means.
Most browsers are initially set to accept cookies. If you would prefer, you can set your browser to refuse cookies. However, given that we may sometimes use cookies, you may not be able to take full advantage of our website, if you do so.
Web Beacons
Our web pages may contain electronic images, known as web beacons or spotlight tags. These electronic images enable us to count users who have visited certain pages on our website. Web beacons and spotlight tags are not used by us to access your personal information, they are simply a toll we use to analyse which web pages customers view, in an aggregate number.
Other terms
There may also be specific and additional privacy provisions, which apply to certain sections of our Website, or accounts you hold with us or services provided to you, which will operate in addition to the provisions of this Privacy Policy. If there is any inconsistency between the provisions of this Privacy Policy and those other specific and additional provisions, the specific and additional provisions will prevail.
Please see www.hsbc.com.au and our various links such as privacy and security, terms of use, and Hyperlink Policy.
Direct marketing
From time to time we or other members of the HSBC Group may use your personal information to inform you about HSBC Group products and services including special offers.
If you do not wish to receive this information, simply let us know by contacting HSBC’s customer service centre on 1300 308 008 or in writing to HSBC Bank Australia Limited, Marketing, GPO Box 5302, Sydney 2001. You can change your mind about receiving information about our products and services at any time. Simply let us know by phoning the above number or writing to the above address.
HSBC does not disclose your information to organisations outside the HSBC Group for the purposes of allowing them to direct market their products to you.
If the law requires us to provide you with information about our products or services, we will provide that information to you even if you have elected not to receive information about our products and services generally.
Changes to our Privacy Policy
We may make changes to our privacy policy from time to time and for any reason. If we do, we will publish an updated Privacy Policy on our website.
Additional Information
Individuals who would like more information about HSBC’s approach to privacy, or would like to find out what information we hold about them, are encouraged to contact:
The Privacy Officer
HSBC Bank Australia Limited
GPO Box 5302
Sydney NSW 2001
Phone: 1300 308 008
If you would like more information about privacy laws generally please contact:
The Privacy Commissioner
Office of the Federal Privacy Commissioner
GPO Box 5218
Sydney NSW 1042
Phone: 1300 363 992
Internet: http://privacy.gov.au
Email: privacy@privacy.gov.au
If you have privacy concerns
If you have concerns about the way in which we have handled your personal information or believe your privacy has been compromised you should contact our Customer Relations Complaint team on 1300 308 188 or Fax: 02 9255 2647. You should advise the Customer Relations team that your concern is in relation to a privacy matter and provide full details of your concern. We may ask you to place your concerns in writing in order for us to fully understand and investigate the issues you have raised.
