This website tech.hsbc (the “Site”) provides access to articles from contributors within HSBC technology to share how we maximise the benefits of technology and deliver against our manifesto. The Site is owned by HSBC Group Management Services Limited. HSBC Group Management Services Limited is a company registered in England and Wales under Company Register Number 09231974 and with its registered office at 8 Canada Square, London E14 5HQ.
For the purpose of applicable data protection laws, the data controller is HSBC Group Management Services Limited of 8 Canada Square, London E14 5HQ (‘we, ‘us’ and ‘our’).
References to the 'HSBC Group' are references to HSBC Holdings plc, its subsidiaries and affiliated companies.
2. Information we may collect about you
We may collect and process the following personal data:
- Details of your visits to the Site (including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access).
- Information about your computer (or mobile device), including where available your IP address, operating system and browser type, for system administration or for our own commercial purposes. This is statistical data about our users' browsing actions and patterns.
The information we collect automatically is statistical data and may not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties.
We may also ask you for information when you report a problem with the Site. If you contact us, we may keep a record of that correspondence. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
4. Where we store your personal data
- the country that we send the data to might be approved by the European Commission;
- the recipient might have signed up to a contract based on "model contractual clauses" approved by the European Commission, obliging them to protect your personal data; or
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme.
In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.
We maintain strict security standards and procedures with a view to preventing unauthorised access to your personal data by anyone, including our staff. We use leading technologies such as (but not limited to) data encryption, firewalls and server authentication to protect the security of your personal data. All HSBC Group members, all our staff and whenever we hire third parties to provide support services, are required to observe our privacy standards and to allow us to audit them for compliance.
5. Use made of your personal data
We may use your personal data in the following ways:
- To ensure that content from our Site is presented in the most effective manner for you and for your computer (or mobile device).
- To allow you to participate in any interactive features of our Site, when you choose to do so.
We are entitled to use your personal data in these ways because:
- by continuing to browse the Site, you are consenting to the processing of personal data;
- we have legal and regulatory obligations that we have to discharge;
- we may need to in order to establish, exercise or defend our legal rights or for the purposes of legal proceedings; or
The use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates), such as enabling us to improve the Site and deliver a better and more personalised service.
6. Disclosure of your personal data
Apart from in the situations described below, we will not share your personal data with entities outside of the HSBC Group.
We may disclose your personal data to third parties in the following situations:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If HSBC Group Management Services Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Site Terms and Conditions and other agreements or to protect the rights, property, or safety of the HSBC Group, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
7. Retention of personal data
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
- the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.
8. Third Party Sites
The Site may, from time to time, contain links to other websites ('Third Party Sites'). If you follow a link to any of these Third Party Sites, please note that these Third Party Sites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these Third Party Sites.
9. Social media
We work with trusted third parties, including social network sites like Facebook, and with application developers who specialise in social media so we can connect to your social networks. Other social networks we use include Twitter and YouTube. All of these companies operate Third Party Sites. We provide access to this Site by third parties and business partners so we can generate interest in our products and services among members of your social networks and to allow you to share product and service interests with friends in your network.
We cannot control how your personal data is collected, stored, used or shared by these Third Party Sites or to whom it is disclosed. Please be sure to review the privacy policies and privacy settings on your social networking sites to make sure you understand the information they are sharing. If you do not want a Third Party Site to share information about you, you must contact that site and determine whether it gives you the opportunity to opt-out of sharing such information. We are not responsible for how these Third Party Sites may use information collected from or about you.
10. Access to personal data
You have a number of legal rights in relation to the personal data that we hold about you. These rights include:
- the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
- the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so.
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
- the right to request that we rectify your personal data if it is inaccurate or incomplete;
- the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
- the right to request that we restrict our processing of your personal data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request; and
- the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting us using the details set out in the “Contacting” section below.
You can find out more information about your rights by contacting the Information Commissioner, or by searching their website at https://ico.org.uk/.
If you’d like further information on anything we’ve said in this privacy notice, or to contact our Data Protection Officer, contact us at P.O. Box 6201, Coventry CV3 9HW, UK addressed ‘for the attention of the DPO’.