How we collect and store your information
We collect your information:
- when you interact with us
- when you visit our websites or use our products, services and mobile apps
- from other people and companies (such as described in section B)
- from other HSBC group companies
We store your information in physical or electronic form on our systems, our service providers' systems or a third party cloud locally or overseas.
What we use your information for
We use your information:
- to provide products and services to you
- to market products or services to you if you've given us your consent to do so
- to comply with laws, regulations and requirements, including our internal policies
- to help us to prevent financial crimes
- to improve our products, services and marketing
- for the other purposes set out in section A.
Who we share your information with
We may share your information:
- with others who help us provide services to you or who act for us (such as our professional advisers)
- with other HSBC group companies
- with third parties, if you consent to us sharing your information with them
- with local or overseas law enforcement agencies, industry bodies, regulators or authorities
- with the other third parties set out in section C.
We may share your information locally or overseas.
We comply with the laws of Australia.
You can access your information
You can request access to the information we store about you. We may charge a fee for this.
You can also ask us to correct or update your information.
You can set or amend your marketing preferences
You can contact us about how we have handled your information
The Privacy Officer
HSBC Bank Australia Ltd
GPO Box 5302
SYDNEY NSW 2001
A. Information use
Your information may be used to
- assess you for products and services and enable us to provide and operate them
- conduct verification or credit checks and reviews on you, obtain or provide credit references or detect fraudulent applications
- manage our business, including our human resources, credit and other risk management functions and to comply with our internal policies
- design and improve our products, services and marketing
- provide you with marketing information (find out more in section C) and personalised advertising (including by aggregating your information with information of others)
- exercise our rights under contracts with you, including collecting any amounts you owe us
- comply with compulsory or voluntary requirements that we or the HSBC group has such as legal, tax, regulatory, sanctions or market requirements in Australia and overseas
- comply with requests made by different bodies or authorities such as legal, regulatory, law enforcement, government and tax authorities in Australia and overseas. Sometimes we may have to comply with such requests and other times we may choose to voluntarily comply
- comply with our or any HSBC group company's policies, procedures and other commitments in the detection, investigation and prevention of financial and other crimes. This may involve sharing your information in Australia and overseas. This is important in our wider fight against these crimes
- allow any company that we transfer our business or assets to, to evaluate our business and use your information after any transfer
- any other uses for which you have given consent
- any other purpose relating to any of the purposes above.
B. Information collection and storage
We may collect and hold
- information (including sensitive information) that you give to us, such as your contact and identification details, tax file number or information about your race or ethnic origin (for instance, we may ask you what language you would prefer to communicate with us in)
- biometric information such as your voice ID and facial recognition information
- information about your personal circumstances such as significant life events or information about your health;
- your geographic information and location information based on your mobile or other electronic device
- information required under law as set out in section D.
If you don't give us information then we may be unable to provide products or services, or your use or access may be limited.
We may also collect information about you from third parties such as:
- people who act for you or who you give consent to transfer information to us
- publicly available sources or agencies that collect information which they use to create statistics or to verify your identity
- credit reference, debt collection, fraud prevention and government agencies
- those you deal with through our services.
We may generate information about you
- by combining information that we and other HSBC group companies have collected about you and based on the analysis of your interactions with us
Protecting your stored information
While we store it, your information is protected by physical, electronic and procedural safeguards (which may include encryption and other forms of security) and governed by the laws of Australia and the Australian Privacy Principles.
Our third party service providers that receive your information are also required to comply with strict measures to protect your information and to apply appropriate measures for the use and transfer of information.
Information collected may be retained and used by us for a reasonable period in accordance with our data retention policy. For example, we normally keep your main banking information for a period of seven years from when our relationship with you ends. This allows us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. We may need to keep your information for longer where we need the information to comply with regulatory or legal requirements, help detect or prevent fraud and financial crime, answer requests from regulators etc. If we don't need to keep information for this length of time, we may destroy, delete or anonymise it sooner.
If you provide information about others
C. Information sharing
We share your information with
- HSBC group companies or business divisions
- third parties who provide services to us or who you have consented to us sharing your information with
- other third parties we work with or parties we need to share with for the purpose of acting on your instructions
- any bodies or partnerships between law enforcement and the financial sector or authorities, such as legal, regulatory, law enforcement, government and tax authorities in Australia or overseas or anyone acting for them
- any person who you hold a joint account with, people who can give instructions for you and anyone who may give security for your loans
- any third party who we may transfer our business or assets to
- partners and providers of reward, co-branding or loyalty programs, charities or non-profit organisations
- social media advertising partners (who can check if you hold an account with them for advertising purposes and the partner may then use your information to send our adverts to you and advertise to people who have a similar profile to you).
We may share your anonymised information with other parties not listed above. If we do this you won't be identifiable from this information.
Storing your information overseas
We may transfer and store your information overseas (see section D). Where those countries don't have the same level of protection for personal information, we'll take reasonable steps to ensure overseas recipients provide the same level of protection.
This is when we use your personal information to send you details about products, services and offers such as financial, insurance or related products and services provided by us or our co-branding partners, rewards, loyalty privileges or charities. We'll only do this if you've consented (including by your indication of no objection to us).
We may use your contact details and information such as your demographic information, products and services that you are interested in, transaction behaviour, portfolio information, location information, social media information, analytics and formation from third parties when we market to you.
You can tell us anytime if you don't want to receive marketing from us by clicking the "unsubscribe" links in our emails, contacting us (it may take a short time to update our records to reflect any change), or updating your preferences on social media platforms.
We'll need to get your separate consent to share your information with others for them to market their products and services to you.
D. Your rights
For personal information that is not Consumer Data Right (CDR) data, you can request access to your information. You can also correct information that we hold about you and give feedback. We may be unable to provide you with access to some information. If so, we'll explain why not unless it's illegal to tell you. You can also ask us to explain our data policies and practices.
For personal information that is CDR data, please refer to the 'Consumer Data Right' sub-heading below and to the link to our CDR Policy on information about your rights to access and correct your CDR data.
Information we are required or authorised under law to collect
We collect the following information because we are required or authorised by or under Australian law:
- your identification information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1)
- where you apply for consumer credit – to ascertain and verify your credit or financial information in accordance with our obligations under the National Consumer Credit Protection Act 2009 (Cth)
- to determine and report your foreign tax residency status
- your tax file number, if you choose to provide it to us, by the Income Tax Assessment Act 1936 (Cth)
- to disclose your personal information that CDR data to a third party accredited data recipient when you authorise us to do so, under Part IVD of the Competition and Consumer Act 2010 (Cth) and the Competition and Consumer (Consumer Data Right) Rules 2020 (Cth).
We may ask a credit reporting body to assist in verifying your identify by providing us with an assessment of whether the information we hold about you matches their records. The credit reporting body may use this information and information held by the body of other individuals for the purpose of preparing and providing this assessment to us.
You may be subject to an Information Match Request in relation to information held by an Official Record Holder. A corresponding Information Match Result may be provided to us (via a credit reporting body) if we use the Commonwealth Attorney General's Department Document Verification Service to verify your identity. If you would like more information on what these are please visit www.dvs.gov.au.
The Privacy Act 1988 (Cth) contains certain exemptions in relation to certain acts undertaken in relation to employee records and related bodies corporate. Where appropriate we make use of relevant exemptions in the Act.
Consumer Data Right
Countries and territories in which we operate
HSBC has operations in 64 countries and territories. Our network covers:
Europe (Austria, Belgium, British Virgin Islands, Czech Republic, France, Germany, Greece, Guernsey, Ireland, Isle of Man, Italy, Jersey, Luxembourg, Netherlands, Poland, Russian Federation, Spain, Sweden, Switzerland, United Kingdom)
Asia (Australia, Bangladesh, China, Hong Kong, India, Japan, South Korea, Macau, Malaysia, Maldives, Mauritius, New Caledonia, New Zealand, Philippines, Singapore, Sri Lanka, Taiwan, Vietnam)
North and Latin America (Argentina, Bermuda, Brazil, Canada, Chile, Colombia, Mexico, Peru, Uruguay, United States of America)
Middle East and North Africa (Algeria, Armenia, Bahrain, Egypt, Israel, Kuwait, Lebanon, Malta, Morocco, Nigeria, Oman, Qatar, Saudi Arabia, South Africa, Turkey, United Arab Emirates).
Making a complaint
If you wish to make a complaint because you believe we have not complied with the Privacy Act 1988 (Cth), Privacy (Credit Reporting) Code or about the way we have handled your personal information, you can contact our Privacy Officer at firstname.lastname@example.org.
You may also lodge a complaint by contacting the HSBC Customer Relations Department:
Phone (within Australia, toll free, 8am to 7pm AEST): 1300 308 188
Phone (overseas): +61 2 9005 8181
Post: Customer Relations Team - HSBC Bank Australia Limited, Tower 1 - International Towers Sydney, 100 Barangaroo Avenue, Barangaroo NSW 2000, Australia.
We will attempt to respond to any complaints, access or correction requests as soon as possible, and no later than 30 days once we've verified your identity. However, if it's a complex matter, we may need to ask you for an extension to this period and give you the reasons why we need to have the period extended. If you do not consent to the extension sought by us, we may not be able to resolve your complaint, access or correction request.
If you are not satisfied with the outcome of your complaint to us, you can contact the Australian Financial Complaints Authority by sending a complaint form to:
Post: GPO Box 3, Melbourne, VIC 3001
Phone: 1800 931 678
The Australian Financial Complaints Authority is a free service established to provide you with an independent mechanism to resolve specific complaints.
Alternatively, you can contact the Office of the Australian Information Commissioner (OAIC) by sending a complaint form to:
Post: GPO Box 5218, Sydney, NSW 2001 or GPO Box 2999 Canberra ACT 2601
Fax: +61 2 9284 9666
Please note the OAIC requires any complaint must first be made to the respondent organisation. The law also allows 30 days for the respondent organisation to deal with the complaint before a person may make a complaint to the OAIC.
For general enquires call: 1300 363 992
Effective 13 July 2022.