CALIFORNIA CONSUMER PRIVACY ACT (CCPA) STATEMENT
This PRIVACY STATEMENT FOR CALIFORNIA RESIDENTS supplements the information contained in our Online Privacy Statement and applies to individuals who reside in the State of California. HSBC provides this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). To the extent this notice conflicts with our Online Privacy Statement, this notice governs for California residents.
About this Notice
HSBC = HSBC Bank USA, N.A., its banking and non-banking U.S. affiliates and subsidiaries and service providers (collectively, "HSBC ", "we", "our" and “us”).
You/Your = Customers, consumers, employees, applicants, contractors, and visitors (including their agents and representatives) of the entity or party you are acting on behalf of.
The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this Notice does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information relating to these customers, please refer to our general Consumer Privacy Notice.
Category |
Examples |
Business Purposes for Collection and Disclosure |
Identifiers |
Name, user name, passwords, Personal Identification Number (PIN), tokens, other authentication information including security challenge response. |
We collect and disclose this information to help us identify and authenticate you, for fraud prevention and similar purposes.
Provide services.
Legal compliance.
Perform analytics.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Account Number, Mortgage Numbers, Credit Card Number, Insurance Policy Number |
We collect this personal information to help us service your account.
Legal compliance.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
|
Address, Phone numbers, E-Mail address |
We collect contact details as needed to identify you, contact you and do business with you.
Legal compliance.
Fraud detection and prevention.
Complying with legal process and requests.
Provide services.
Perform analytics.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
|
|
Biometric Data |
Facial Geometry, Finger Prints, Retina Scans, Voice Print, Physical Characteristics |
We collect this information for authentication purposes prior to disclosing any information about your account.
Legal compliance.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Communications Data |
Information about and contained in communications between you and us. Call logs, Call recording, Text or Email Messages |
We collect communications data as needed to service your account and do business with you.
Legal compliance.
Perform analytics.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Demographic Data |
Gender, ethnicity, nationality, place of birth, marriage status, residency status, military/veteran status |
We collect demographic information as needed to identify you, contact you and do business with you.
Legal compliance.
Provide services.
Fraud detection and prevention.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Financial and Transaction Information |
Information for our financial review to service your account or from payments processing pertaining to executed transactions. For example, transaction date, transaction amount, product account transactions. Also information such as Tax documentation, Income info, paystubs |
We collect financial and transaction information in order to provide you the financial products and services you request.
Legal compliance.
Perform analytics.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Government Issued Identification |
Information used to identify and verify relevant individuals Examples include Passport Number, State Issued Drivers’ License Number or ID numbers, Social Security Number / Taxpayer Identification Number, Alien Registration Number
|
We collect this information to help us identify and authenticate you, for fraud prevention and similar purposes.
Legal compliance.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Health Data |
Information collected surrounding an individual's health. Medical information, disability data, genetic information |
We collect health data as needed to service your account and do business with you.
Legal compliance.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Legal / Court Data |
Legal/Court Case, Docket numbers, property registration information |
We collect legal / court data as needed to service your account and do business with you.
Legal compliance.
Fraud detection and prevention.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Online / Digital Data |
IP address, Web browsing History, Unique Device Identifier, Cookie data, Apps Downloaded or Used, geographic tracking information |
We collect online and digital data to personalize your interactions with us and to administer and optimize our sites.
Legal compliance.
Fraud detection and prevention.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Sensitive Personal Information |
Religion, Race, Political affiliation, government identifiers, biometrics, health data |
We only collect and process sensitive personal information as specifically allowed under the CCPA and do not collect or process sensitive personal information for the purposes of inferring characteristics about a consumer as defined by the CCPA.
We collect sensitive personal data during the onboarding process with the intention of developing a complete and accurate “Know Your Customer” KYC profile in line with regulatory requirements.
In addition: · We collect and disclose biometrics for authentication purposes prior to disclosing any information about your account and for the other purposes disclosed for biometrics above. · We collect and disclose government identifiers to help us identify and authenticate you, for fraud prevention and similar purposes; for legal compliance; to comply with legal process and requests; and for the other purposes disclosed for identifiers above. · We collect and disclose health data to service your account and do business with you, to comply with law and legal process, to personalize your experiences, and for the other purposes disclosed for health data above. |
Inferences |
Inferences drawn from any of the information (excluding Sensitive Personal Information which we do not draw inferences from) reflecting the consumer’s preferences, characteristics, predispositions, and behavior. |
We use inferred data to understand the propensities and attributes of individuals and households for internal analytics programs, scoring and non-personalized advertising. We use inferred and derived data for information security and fraud purposes. Personalize your experiences on our websites. As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. Communicating with you. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Category |
Examples |
Business Purposes for Collection and Disclosure |
Identifiers |
Name, user name, passwords, Personal Identification Number (PIN), tokens, other authentication information including security challenge response. |
We collect and disclose this information to help us identify and authenticate you, for fraud prevention and similar purposes.
Provide services.
Legal compliance.
Perform analytics.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Account Number, Mortgage Numbers, Credit Card Number, Insurance Policy Number |
We collect this personal information to help us service your account.
Legal compliance.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
|
Address, Phone numbers, E-Mail address |
We collect contact details as needed to identify you, contact you and do business with you.
Legal compliance.
Fraud detection and prevention.
Complying with legal process and requests.
Provide services.
Perform analytics.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
|
|
Biometric Data |
Facial Geometry, Finger Prints, Retina Scans, Voice Print, Physical Characteristics |
We collect this information for authentication purposes prior to disclosing any information about your account.
Legal compliance.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Communications Data |
Information about and contained in communications between you and us. Call logs, Call recording, Text or Email Messages |
We collect communications data as needed to service your account and do business with you.
Legal compliance.
Perform analytics.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Demographic Data |
Gender, ethnicity, nationality, place of birth, marriage status, residency status, military/veteran status |
We collect demographic information as needed to identify you, contact you and do business with you.
Legal compliance.
Provide services.
Fraud detection and prevention.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Financial and Transaction Information |
Information for our financial review to service your account or from payments processing pertaining to executed transactions. For example, transaction date, transaction amount, product account transactions. Also information such as Tax documentation, Income info, paystubs |
We collect financial and transaction information in order to provide you the financial products and services you request.
Legal compliance.
Perform analytics.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Government Issued Identification |
Information used to identify and verify relevant individuals Examples include Passport Number, State Issued Drivers’ License Number or ID numbers, Social Security Number / Taxpayer Identification Number, Alien Registration Number
|
We collect this information to help us identify and authenticate you, for fraud prevention and similar purposes.
Legal compliance.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Health Data |
Information collected surrounding an individual's health. Medical information, disability data, genetic information |
We collect health data as needed to service your account and do business with you.
Legal compliance.
Personalize your experiences.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Legal / Court Data |
Legal/Court Case, Docket numbers, property registration information |
We collect legal / court data as needed to service your account and do business with you.
Legal compliance.
Fraud detection and prevention.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Online / Digital Data |
IP address, Web browsing History, Unique Device Identifier, Cookie data, Apps Downloaded or Used, geographic tracking information |
We collect online and digital data to personalize your interactions with us and to administer and optimize our sites.
Legal compliance.
Fraud detection and prevention.
As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Communicating with you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
Sensitive Personal Information |
Religion, Race, Political affiliation, government identifiers, biometrics, health data |
We only collect and process sensitive personal information as specifically allowed under the CCPA and do not collect or process sensitive personal information for the purposes of inferring characteristics about a consumer as defined by the CCPA.
We collect sensitive personal data during the onboarding process with the intention of developing a complete and accurate “Know Your Customer” KYC profile in line with regulatory requirements.
In addition: · We collect and disclose biometrics for authentication purposes prior to disclosing any information about your account and for the other purposes disclosed for biometrics above. · We collect and disclose government identifiers to help us identify and authenticate you, for fraud prevention and similar purposes; for legal compliance; to comply with legal process and requests; and for the other purposes disclosed for identifiers above. · We collect and disclose health data to service your account and do business with you, to comply with law and legal process, to personalize your experiences, and for the other purposes disclosed for health data above. |
Inferences |
Inferences drawn from any of the information (excluding Sensitive Personal Information which we do not draw inferences from) reflecting the consumer’s preferences, characteristics, predispositions, and behavior. |
We use inferred data to understand the propensities and attributes of individuals and households for internal analytics programs, scoring and non-personalized advertising. We use inferred and derived data for information security and fraud purposes. Personalize your experiences on our websites. As necessary or appropriate to protect our rights, property or safety of us, or those of our clients or others. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. Communicating with you. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets. |
CCPA provides California residents with the right to opt-out of the sale or sharing of their personal information.
HSBC does not offer an opt-out from the sale or sharing of personal information because we do not engage in the sale or sharing of personal information as contemplated by the CCPA. Additionally, we do not knowingly sell or share information regarding children under the age of 16.
How Long We Retain Your Information
HSBC retains Personal Information consistent with our record retention policies and as required by law. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements, or where we have another lawful reason to do so, e.g. fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymize it consistent with our records retention policies.
Our Sources of Information
We obtain information from the following categories of sources:
- Directly from individuals or their agents. For example, from documents that you provide to us in order to apply, obtain, or maintain our services.
- Indirectly from individuals or their agents. For example, through information we collect in the course of providing services to you, such as information collected during customer care interactions.
- From vendors and third party service providers that provide services on our behalf. For example, information required for marketing, account opening, and servicing.
- Directly and indirectly from activity on our websites or partner websites or via mobile applications. For example, from submissions through our website portal or website usage details collected automatically.
Recipients of Disclosures for Business Purposes
We disclose personal information for the business purposes described above. When we disclose personal information for a business purpose, we enter a contract that describes the purposes and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We disclose your personal information for a business purpose to the following categories of third parties:
- Our affiliates.
- Service providers that act on our behalf, such as data storage providers, email providers, and advisors.
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
Your Rights under CCPA
The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Among other rights provided by CCPA, you have the right to request access to the personal information we collect about you, the right to request that we correct the personal information we collect, the right to request that we delete the personal information we have collected from you, and the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights.
To exercise these rights, you may complete the webform located at us.hsbc.com/ccparequest or contact us at (855) 630-4174. In your request, you are asked to provide the following:
Required Information:
- First Name & Last Name
- Purpose of your request (access, know, correct or delete)
- Current California Residential Address
- Indicate whether you have or had an HSBC account and what type of account or whether you’ve been employed by HSBC
- Preferred method of receiving HSBC’s response (mail / email)
- E-mail Address – required if requesting response by email
- Phone number – required for verification purposes (through which we may contact you or other person)
- If you are submitting this request on behalf of another person, please provide this additional information:
o Your name
o Your contact information
o What is your authorization to make this request?
i. Registered with the California Secretary of State
ii. Power of Attorney; or
iii. Parent/Legal Guardian of a Minor
Optional Information:
- Alternate / previous address that might help us identify you or the California resident whose personal data is being requested in our systems. Examples include:
o An address used for HSBC Account (if different than current California Residential Address)
o Previous residential / business address
- Last four digits of your or the other person’s Social Security Number
- Last four digits of your or the other person’s current / previous HSBC account
- Other information that may help us identify you or the other person, for example middle name, maiden name, suffix, nickname, etc.
Please note that your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot provide you with personal information if we cannot verify your identity or authority to make the request or we cannot confirm the personal information relates to you. Making a request does not require you to create an account with us. We will only use personal information provided in your request to verify your identity or authority to make the request.
We process sensitive personal information only for those purposes expressly permitted under California law.
Changes to Our CCPA Statement
We reserve the right to amend this privacy statement at our discretion and at any time. When we make changes to this privacy statement, we will notify you by email or through a notice on this page.
Click here † to access a printable version of the California Customer Privacy Act (CCPA) Statement.
Published: December 2022
† Viewing PDF files require the use of Adobe Acrobat Reader. If you do not already have Adobe Acrobat Reader, you can download it online. After downloading the software, follow the instructions for installing the program. If you prefer, you can always download the files now and open them offline later.