This privacy notice explains how we will use the information you provide, or which we collect, in order to provide you with the HSBC Open Payments service.
This Privacy Notice does not apply to your relationship or services with other parts of the HSBC Group (e.g. HSBC UK, HSBC business banking, First Direct, M&S Bank or HSBC in any other countries); they’ll provide you with information separately where required.
How we collect and use your information
This Privacy Notice provides information on:
- the types of information we collect about you
- how we collect and use it
- who we might share it with
- the steps we’ll take to make sure it stays private and secure
- your rights to your information.
Who we are
When we say ‘we’ or ‘us’, we mean HSBC UK Bank plc, which acts as a data controller in respect of your personal data.
What information we collect
We’ll only collect your information in line with relevant regulations and law. Some of it will come directly from you, e.g. when you interact with the HSBC Open Payments service. We might also get some of it from third parties, or publicly available sources.
Information that you provide to us, e.g.:
- your bank account provider that you are making the payment from
Information that we collect or generate about you, e.g.:
- information about your device or the software you use, e.g. its IP address
- cookies and similar technologies we use to recognise you and remember your preferences - our cookie policy contains more details about how we use cookies and can be found at www.hsbc.co.uk/1/2//cookie-policy
- information that we need to support our regulatory obligations, e.g. information about transaction details, consent and authorisation of payment initiation
Information we collect from other sources, e.g.:
- information identifying your payment, collected from the retailer you are purchasing the goods and/or services from, such as, price, currency, order ID, time and date of transaction;
- information from your bank account provider that you are making the payment from, such as, payment references and confirmation of payment initiation
How we’ll use your information
We’ll only use your information where we have a lawful reason for using it. These reasons include where we:
- need to pursue our legitimate interests (e.g. troubleshooting of the HSBC Open Payments service)
- need to process the information to enter into or carry out an agreement we have with you (e.g. initiate payment)
- need to process the information to comply with a legal obligation (e.g. fraud)
- believe the use of your information as described is in the public interest, e.g. for the purpose of preventing or detecting crime; or need to establish, exercise or defend our legal rights.
The reasons we use your information include to:
- initiate payments from an online supplier (who provides you with goods and/or services) meaning that you can pay for the goods and /or services directly from your bank account
- carry out your instructions
- comply with our legal and regulatory obligations
- resolve disputes
- improve the HSBC Open Payments service including analysing how you use it
- troubleshooting of the HSBC Open Payments service
- assist in facilitating refunds
Who we might share your information with
We may share your information with others where lawful to do so including where we or they:
- need to in order to provide you with the HSBC Open Payments service you’ve requested, e.g. carrying out a payment request
- have a public or legal duty to do so, e.g. to assist with detecting and preventing fraud
- need to in connection with regulatory reporting
- have a legitimate business reason for doing so, e.g. to verify your identity, to enable provision of the HSBC Open Payments service, or assess your suitability for HSBC Open Payments
- help support operational processes such as dispute management
- have asked you for your permission to share it, and you’ve agreed.
We may share your information with others, including:
- any member of the HSBC Group;
- any sub-contractors, agents, advisers or service providers of the HSBC Group (including their employees, directors and officers);
- any regulatory authorities of the HSBC Group;
- third parties such as our vendor who supplies us with the technology for the service, the retailer you made the payment to and bank account provider you made the payment from;
- government, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
- other parties involved in any disputes, including disputed transactions;
How long we’ll keep your information
We keep your information in line with our data retention policy. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes. If we don't need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.
How we keep your information secure
We use a range of measures to keep your information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry our any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
Transferring your information overseas
Your information may be transferred to and stored in locations outside of the United Kingdom [or the European Economic Area] including countries that may not have the same level of protection for personal information. When we do this, we'll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests. In some countries the law might compel us to share certain information. Even in these cases, we'll only share your information with people who have a right to see it.