Top of main content

Privacy and Security

We build our business on trust between our customers and us. We understand that your data is important. Please see below our privacy notice which explains how we collect, store, use and share your data.

Security

Security is a top priority for us. Both you and we play an important role in safeguarding against fraud. This section outlines what you need to do and what we will do to help maintain security when using this site/app.

What we will do

We try to protect your personal data against unauthorised or accidental access or processing. We do this by: 

  • implementing appropriate physical, electronic and internal processes to safeguard and secure your personal data,
  • using 128-bit Transport Layer Security ("TLS") encryption technology, which is an industry standard for encryption over the internet to protect data, in the secure area of this site/app. When you provide sensitive information such as credit card details, it will be automatically converted into codes before being securely dispatched over the internet,
  • protecting our web servers behind "firewalls" and our systems are monitored to try to prevent any unauthorised access,
  • using the secure email facility if we need to send personal data to you by email. We won’t send your personal data by ordinary email,
  • taking all practical steps to ensure that personal data will not be kept longer than necessary and we comply with all laws and regulations in the Hong Kong Special Administrative Region concerning the retention of personal data.

What you need to do

Keep your account details and security details secure.

This means taking steps like:

  • not sharing or allowing anyone else to know your username or password, so don’t write them down. We’ll never verbally ask you for your password,
  • choosing a username and password that are not easily identifiable by others (such as your birthday, telephone number or email address),
  • using the secure email facility on this app/website for general enquiries.

Keep your device on which you access the site/app secure.

This means taking steps like:

  • keeping your device locked when not in use, with a PIN, password or biometric authentication,
  • not sharing your device. If you do allow someone else to use your device, please supervise their use to ensure that they don’t access your accounts,
  • not sharing or allowing anyone else to know any access password that you use on your device,
  • if you choose to activate the feature that allows you to use your biometric credentials to log onto your device or this app, ensuring that only your biometric credentials are registered on the device to avoid unauthorised access by other people,
  • only downloading HSBC apps and its updates from an official app store and not from any unofficial sources,
  • installing the latest anti-virus and anti-spyware software on your device that you use to access this site/app, and keeping it updated. When installing protection, always use a reputable brand from a mainstream supplier,
  • ensuring the operating system running on your device and the security update is up to date,
  • not disclosing your online banking credentials to any third parties (including third party mobile aggregator apps),
  • not using HSBC apps and the Mobile Security Key Feature on any device or operating system that has been modified outside the mobile device or operating system vendor supported or warranted configurations. This includes devices that have been "jail-broken" or "rooted". A jail broken or rooted device means one that has been freed from the limitations imposed on it by your mobile service provider and the phone manufacturer without their approval. The use of HSBC apps and the Mobile Security Key feature on a jail broken or rooted device may compromise security and lead to fraudulent transactions which we may not be responsible for.

If you think that your device has been lost, stolen or is being used by another person or if you think your username or password is known by someone else, please tell us straight away. You may be responsible for unauthorised payments made from your accounts if you have not kept your device, account details or security details safe or if you haven’t followed the security precautions that we advise you to follow from time to time.

For more tips on staying safe on internet banking, please read: Safe-internet-banking and on mobile banking, please read: mobile-security

 

Cookies notice

This Cookies notice provides you with information about the cookies we use on this website/app and the purposes for which we use them.

What are cookies?

Cookies are small pieces of data that websites/app store on your browser when you visit them. Cookies are useful because they allow a website/an app to recognise your visit and collect information about how you use that website/app.

How we use cookies

We use cookies on this website/app to operate our website/app, protect you and us, and provide you with the services you ask for.

We don’t have to ask for your consent to store these cookies on your browser. We’ve listed the categories of these cookies below.

Cookies that help provide core services and features

We use these cookies to provide core services and features on our website/app. These services and features won’t work without them.

We work with service providers and third parties who also set these cookies on this website/app.
Who else sets these cookies? For what purpose?
AppDynamics Provides us browser performance information in order that we can keep our websites/apps running smoothly.
Celebrus To allow us to fulfil digital journeys you qualify for, such as paying you cashback as part of a promotional offer.
LivePerson To provide chat support and messaging services.
Tealium (tag management) To allow us to control the deployment of tags (software that enhances our website/app) and also to enable the capture and respect of consent preferences obtained from our users.
We work with service providers and third parties who also set these cookies on this website/app.
Who else sets these cookies? AppDynamics
For what purpose? Provides us browser performance information in order that we can keep our websites/apps running smoothly.
Who else sets these cookies? Celebrus
For what purpose? To allow us to fulfil digital journeys you qualify for, such as paying you cashback as part of a promotional offer.
Who else sets these cookies? LivePerson
For what purpose? To provide chat support and messaging services.
Who else sets these cookies? Tealium (tag management)
For what purpose? To allow us to control the deployment of tags (software that enhances our website/app) and also to enable the capture and respect of consent preferences obtained from our users.

Cookies that help keep our website/app secure

We use these cookies to protect the security of our website/app, for example, to make sure the website/app is only accessed by genuine users. This helps us to keep you safe.

We work with service providers and third parties who also set these cookies on this website/app.
Who else sets these cookies? For what purpose?
Google (reCAPTCHA) To validate that the interaction with our site/app is being performed by a human rather than an automated system or ‘bot’ for security purposes.
We work with service providers and third parties who also set these cookies on this website/app.
Who else sets these cookies? Google (reCAPTCHA)
For what purpose? To validate that the interaction with our site/app is being performed by a human rather than an automated system or ‘bot’ for security purposes.

Cookies that help us detect fraud or crime

We use these cookies to help us identify suspicious behaviour on our website/app so we can protect both you and us from fraud.

 

Cookies that help us improve our website/app

We use these cookies to help us understand how people use our website/app. We can then use this data to improve how our website/app works. For instance, we may use analytics providers to identify and count visits to our website/app and to see which pages people go to and what they do there.

We work with service providers and third parties who also set these cookies on this website/app.
Who else sets these cookies? For what purpose?
Brightcove To track the playing of video clips in the website/app, including information regarding the performance and usage of the videos.
Celebrus To enable us to understand how you use and engage with our website/app.
Tealium (Event Stream) To enable us to understand how you use and engage with our website/app.
We work with service providers and third parties who also set these cookies on this website/app.
Who else sets these cookies? Brightcove
For what purpose? To track the playing of video clips in the website/app, including information regarding the performance and usage of the videos.
Who else sets these cookies? Celebrus
For what purpose? To enable us to understand how you use and engage with our website/app.
Who else sets these cookies? Tealium (Event Stream)
For what purpose? To enable us to understand how you use and engage with our website/app.

Cookies that support marketing

We and our partners use these cookies to understand what you’re interested in on our website/app and on social media. These cookies may also identify which other websites/apps may have directed you to our website/app. This is so we or our partners can personalise our marketing to you, including online advertising and through post, email, telephone, text, secure message or social media.

We work with service providers and third parties who also set these cookies on this website/app.
Who else sets these cookies? For what purpose?
Celebrus To help us understand how you use our website/app, in part so we can show you personalised advertising and also to provide messaging including direct marketing by phone, post and email. This is also used to measure the performance of digital marketing.
Google (DoubleClick) To help us deliver personalised advertising based on segmentation informed by your browsing behaviour and to measure the performance of our digital advertising.
Google (Tag Manager) To allow us to control the deployment of tags (software that enhances our website/app) and also to enable the capture and respect of consent preferences obtained from our users.
Google Ads To help us deliver personalised advertising based on segmentation informed by your browsing behaviour and to measure the performance of our digital advertising.
Meta Platforms Ireland (Facebook) Helps you share pages from our website/app on Facebook and us show you personalised advertising.
Microsoft (Bing) To help us deliver personalised advertising based on segmentation informed by your browsing behaviour.
Quantcast To help us deliver personalised advertising based on segmentation informed by your browsing behaviour and to measure the performance of our digital advertising.
Tealium (Audience Stream) To help us collect your browsing data in order to create profiles (which we call 'segmentation') based on browsing behaviour, and also to measure the performance of our digital advertising.
TheTradeDesk To help us deliver personalised advertising based on segmentation informed by your browsing behaviour and to measure the performance of our digital advertising.
Yahoo To help us deliver personalised advertising based on segmentation informed by your browsing behaviour.
We work with service providers and third parties who also set these cookies on this website/app.
Who else sets these cookies? Celebrus
For what purpose? To help us understand how you use our website/app, in part so we can show you personalised advertising and also to provide messaging including direct marketing by phone, post and email. This is also used to measure the performance of digital marketing.
Who else sets these cookies? Google (DoubleClick)
For what purpose? To help us deliver personalised advertising based on segmentation informed by your browsing behaviour and to measure the performance of our digital advertising.
Who else sets these cookies? Google (Tag Manager)
For what purpose? To allow us to control the deployment of tags (software that enhances our website/app) and also to enable the capture and respect of consent preferences obtained from our users.
Who else sets these cookies? Google Ads
For what purpose? To help us deliver personalised advertising based on segmentation informed by your browsing behaviour and to measure the performance of our digital advertising.
Who else sets these cookies? Meta Platforms Ireland (Facebook)
For what purpose? Helps you share pages from our website/app on Facebook and us show you personalised advertising.
Who else sets these cookies? Microsoft (Bing)
For what purpose? To help us deliver personalised advertising based on segmentation informed by your browsing behaviour.
Who else sets these cookies? Quantcast
For what purpose? To help us deliver personalised advertising based on segmentation informed by your browsing behaviour and to measure the performance of our digital advertising.
Who else sets these cookies? Tealium (Audience Stream)
For what purpose? To help us collect your browsing data in order to create profiles (which we call 'segmentation') based on browsing behaviour, and also to measure the performance of our digital advertising.
Who else sets these cookies? TheTradeDesk
For what purpose? To help us deliver personalised advertising based on segmentation informed by your browsing behaviour and to measure the performance of our digital advertising.
Who else sets these cookies? Yahoo
For what purpose? To help us deliver personalised advertising based on segmentation informed by your browsing behaviour.

Cookies that we use to make your visit more personal

We use these cookies to ensure our optional features and services work. Our website/app will still work without them.

This category may also include:

  • Cookies that allow us to customise what you see on our website/app and where, based on what we know about you
  • Cookies that help prevent fraud on other websites/apps or services that you haven’t asked to use when you’re on our website/app
  • Cookies that help keep secure other websites/apps or services that you haven’t asked to use when you’re on our website/app
We work with service providers and third parties who also set these cookies on this website/app.
Who else sets these cookies? For what purpose?
Celebrus To enable delivery of personalised content in various forms across our websites/apps and to provide service-based outbound messaging. This may be based on segmented profiling.
Optimizely To enable delivery of personalised content in various forms across our websites/apps. This may be based on your browsing behaviour or what we know about you as a customer or contact.
Qualtrics To enable us to provide pop-up questionnaires to you or enable you to provide feedback using surveys.
Tealium (Audience Stream) To enable delivery of personalised content in various forms across our websites/apps. This may be based on your browsing behaviour or what we know about you as a customer or contact.
We work with service providers and third parties who also set these cookies on this website/app.
Who else sets these cookies? Celebrus
For what purpose? To enable delivery of personalised content in various forms across our websites/apps and to provide service-based outbound messaging. This may be based on segmented profiling.
Who else sets these cookies? Optimizely
For what purpose? To enable delivery of personalised content in various forms across our websites/apps. This may be based on your browsing behaviour or what we know about you as a customer or contact.
Who else sets these cookies? Qualtrics
For what purpose? To enable us to provide pop-up questionnaires to you or enable you to provide feedback using surveys.
Who else sets these cookies? Tealium (Audience Stream)
For what purpose? To enable delivery of personalised content in various forms across our websites/apps. This may be based on your browsing behaviour or what we know about you as a customer or contact.

Cookies duration and your browser settings

The length of time for which cookies are stored on your browser varies depending on the cookie. Some cookies only last for your online session, whereas others will stay on your browser for a reasonable time afterwards. Unless we’ve given a specific time in the list of cookies above, the cookies set via our website/app will usually last up to 24 months from your most recent visit to our site/app.

Some of our partners in the list above also use the same cookies to collect information about the use of their own or other websites/apps. In these cases the cookie can remain on your device, usually for up to 24 months from your last visit to the site/app that accessed that cookie.

You can use your browser settings to delete cookies that have already been set at any time. You can also use your browser settings to manage cookies, for example, to switch off a cookie altogether. If you do this, it could mean that we can't use cookies properly and so parts of our website may not work correctly. For more information about how to use your browser settings to clear your browser data or to manage cookies, check your browser 'Help' function.

Cookies and your privacy

The information cookies collect, and how we use that information, may count as personal data. We may also be able to identify you by name, IP address or session ID. You have rights regarding how we collect, store and use your personal data.

You can learn more about how we use your personal data in our Privacy Notice section below.

Use of Big Data & Artificial Intelligence ("BDAI")

Big data technologies and artificial intelligence (“BDAI”) enable companies to process and analyse a depth and breadth of data which has never been possible before. At HSBC, we are using big data and AI to, for example:

  1. Bring benefits to our customers, for example, by improving customer service
  2. Manage risks for ourselves and our customers
  3. Better identify and offer relevant products and services to customers
  4. Improve operational efficiencies.

Using these new technologies and opportunities come with new responsibilities: we must ensure that big data and AI are used ethically. That is why we have a set of principles to help us consider and address the ethical issues that may arise. 

You can find our Principles for the Ethical Use of Data and Artificial Intelligence here

HSBC’s Privacy Principles

We build our business on trust between our customers and ourselves. To preserve the privacy of personal data you provide to us, we follow the following privacy principles:

  1. Transparency: We are clear and transparent about how we collect and use personal data, including providing data subjects with a statement of how we may use their data where required.
  2. Fair and lawful usage: We only collect, process and store personal data lawfully and where we have a legitimate reason to do so.
  3. Limited purposes: We only process personal data for specified purposes, and will not use it for another incompatible purpose without first taking any steps required by applicable data privacy laws to enable us to do so lawfully.
  4. Data minimisation and adequacy: We ensure our collection, retention and processing of personal data is proportionate. We will strike an appropriate balance to ensure that we process sufficient data to carry on our business and achieve any specified lawful purposes, while making sure that we do not collect, retain or process excessive amounts of data.
  5. Data quality and accuracy: We maintain appropriate standards of data quality and integrity, and we implement policies in respect of data accuracy, including taking steps to avoid personal data becoming out of date where appropriate.
  6. Privacy by Design: We ensure that new products and services, or changes to existing products or services, are designed to respect data privacy law. We make sure every individual who works with personal data is aware of their legal obligations and their responsibility to follow these principles.
  7. Data security and retention: We retain personal data securely, implement appropriate data retention policies, and we dispose of personal data securely once it is no longer required. We ensure that only persons who are permitted to access your personal data are allowed to do so.
  8. Training and awareness: We ensure that those acting on our behalf with access to personal data are trained appropriately on their obligations regarding such data.
  9. Data subject rights: We respect individuals’ rights in respect of their personal data.
  10. Third parties: Where we appoint a vendor or agent to process personal data, we require them to process the data in a manner consistent with these principles. We only disclose data to governmental or judicial bodies or law enforcement or agencies or our regulators where this is allowed by applicable data privacy laws, or where required by other laws and regulations.
  11. Data transfers: Where we voluntarily transfer personal data to another HSBC Group entity, third party or to another jurisdiction, we ensure that the transfer is lawful and that the recipient is required to process the data in a manner consistent with these principles.

By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you place in us.

Data Privacy Notice

Current version https://www.hsbc.com.hk/misc/data-privacy-notice/
Earlier version
(applies if you have not consented to the current version above)
https://www.hsbc.com.hk/misc/pdo-before-jun2014/
Current version Earlier version
(applies if you have not consented to the current version above)
https://www.hsbc.com.hk/misc/data-privacy-notice/ https://www.hsbc.com.hk/misc/pdo-before-jun2014/

IMPORTANT: By accessing this site/app and any of its pages you are agreeing to the terms set out above. Thank you for choosing HSBC.