HSBC = HSBC Bank USA, N.A., its banking and non-banking U.S. affiliates and subsidiaries and service providers (collectively, "HSBC ", "we", "our" and “us”).

You/Your = Customers, consumers, employees, applicants, contractors, and visitors (including their agents and representatives) of the entity or party you are acting on behalf of.

The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this Statement does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information relating to these customers, please refer to our general Consumer Privacy Notice. 

HSBC collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”).  In particular, we may have collected the following categories of Personal Information within the last 12 months:

• Personal Identifiers: name, username, passwords, Personal Identification Number (PIN), tokens, or other authentication information including security challenge response, account number, mortgage number, credit card number, insurance policy number, physical or email address, phone numbers
• Biometric Data: facial geometry, fingerprints, retina scans, voice print, and physical characteristics
• Communication Data: information about communications between you and us, including call logs, call recording, text or email messages
• Demographic Data: gender, ethnicity, nationality, place of birth, marital status, residency and/or citizenship status, military and/or veteran status
• Education Information: education details and qualifications
• Financial and Transaction Information: such as information for our financial review to service your account or from payments processing pertaining to executed transactions. For example, transaction date, transaction amount, product account transactions. This also includes information such as tax documentation, income information and paystubs
• Legal Data: such as court case information, docket numbers, or property registration information
• Online or Digital Data: such as IP address, web browsing history, unique device identifier, cookie data, apps downloaded or used, and geographic tracking information
• Professional or Employment: salary, title, employment files, references
• Sensitive Personal Data: such as government identifiers (e.g. social security numbers, passport number, driver’s license number), an account log-in, financial account, debit or credit card number with any required security code, password or credentials allowing access to an account; precise geolocation, contents of mail, email and text messages, biometric information processed to identify a consumer, information concerning a consumer’s health or sexual orientation, information about religious or philosophical beliefs, race, or ethnic origin
• Inference Data: drawn from any of the above categories of information (excluding Sensitive Personal Data) reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

In the past 12 months, we have collected Personal Information about California residents from the following categories of sources:

• Directly from you or your agents: For example, from documents that you provide to us to apply, obtain, or maintain our services
• Indirectly from you or your agents: For example, through information we collect while providing services to you, such as information collected during customer care interactions
• From vendors and third-party service providers that provide services on our behalf: For example, information required for marketing, account opening, and servicing
• Directly and indirectly from activity on our websites, our partner websites or via our mobile applications: For example, from submissions through our website portal or website usage details collected automatically

We disclose Personal Information for the business purposes described below. When we disclose Personal Information for a business purpose, we enter a contract that describes the purposes and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

We disclose your Personal Information for a business purpose to the following categories of third parties:

• Our affiliates
• Service providers that act on our behalf, such as data storage providers, email providers, and advisors
• Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you

We collect, use, and disclose Personal Information, including Sensitive Personal Information, relating to California residents for our business purposes as outlined below:

• To provide you with the financial products and services you request
• To identify and authenticate you, including during the onboarding process to develop a complete and accurate 'Know Your Customer' profile in alignment with our regulatory requirements
• To ensure compliance with any legal or regulatory requests, including to respond to law enforcement requests, requests from our supervisory agencies, or as required by applicable law, court order or government regulation
• To communicate with you
• As necessary or appropriate to protect our rights, property or safety, or those of our clients or others
• To carry out our obligations and enforce our rights arising from any contracts we have entered into, including for billing and collections
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets
• To personalize your interactions with us and to administer and optimize our sites
• To understand the propensities and attributes of individuals and households for internal analytics programs, scoring and non-personalized advertising

In addition:

• We collect and disclose biometrics for authentication purposes prior to disclosing any information about your account and for the other purposes disclosed for biometrics above.
• We collect and disclose government identifiers to help us identify and authenticate you, for fraud prevention and similar purposes; for legal compliance; to comply with legal process and requests; and for the other purposes disclosed for identifiers above.
• We collect and disclose health data to service your account and do business with you, to comply with law and legal process, to personalize your experiences, and for the other purposes disclosed for health data above.

We only collect and process Sensitive Personal Information as specifically allowed under the CCPA and do not collect or process Sensitive Personal Information for the purposes of inferring characteristics about a consumer as defined by the CCPA.

We collect, use, and disclose Personal Information, including Sensitive Personal Information, relating to California residents for our business purposes as outlined below:

HSBC does not offer an opt-out from the sale or sharing of personal information because we do not engage in the sale or sharing of personal information as contemplated by the CCPA. Additionally, we do not knowingly sell or share information regarding children under the age of 16.

HSBC retains Personal Information consistent with our record retention policies and as required by law. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. 

We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements, or where we have another lawful reason to do so, e.g. fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period, we may destroy, delete or anonymize it consistent with our records retention policies.

Optional information

• Alternate / previous address that might help us identify you or the California resident whose personal data is being requested in our systems. (Examples include an address used for HSBC Account (if different than current California Residential Address) or previous residential / business address)
• Last 4 digits of your or the other person’s Social Security Number
• Last 4 digits of your or the other person’s current / previous HSBC account
• Other information that may help us identify you or the other person, for example middle name, maiden name, suffix, nickname, etc.

Please note that your request must:

• Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information, or an authorized representative
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot provide you with your Personal Information if we cannot verify your identity, authority to make the request, or we cannot confirm that the Personal Information relates to you. Making a request does not require you to create an account with us. We will only use Personal Information provided in your request to verify your identity or authority to make the request.

We process Sensitive Personal Information only for those purposes expressly permitted under California law. 

We reserve the right to amend this privacy statement at our discretion and at any time. When we make changes to this privacy statement, we will notify you by email or through a notice on this page.

Open a printable version of the California Customer Privacy Act (CCPA) Statement¹

Published: December 2024

1. Viewing PDF files require the use of Adobe Acrobat Reader. If you do not already have Adobe Acrobat Reader, you can download it online. After downloading the software, follow the instructions for installing the program. If you prefer, you can always download the files now and open them offline later.