blue fin
privacy policy

Before we begin

This notice (Privacy Notice) applies to personal information held by members of the HSBC Group as data controllers, as described below. It explains what information we collect about you, how we’ll use that information, who we’ll share it with, and the circumstances when we’ll share it and what steps we’ll take to make sure it stays private and secure. It continues to apply even if your lease agreement with us ends. It should also be read alongside your lease agreement.

This Privacy Notice relates solely to the lease agreement you have with us.

Wherever we’ve said ‘you’ or ‘your’, this means you, any authorised person and other related people (including authorised representatives, signatories and partners). When we say ‘we’, we mean HSBC Group companies which act as a data controller in respect of your personal data.

The data controller for the purposes of this notice will be HSBC Global Services (UK) Limited, with a registered address of 8 Canada Square, London E14 5HQ.

What information we collect

We’ll only collect your information in line with relevant regulations and law. We may collect it from a range of sources, including landlords, representatives and tenants.

Some of the information will come directly from you, e.g. when you provide ID to enter into a lease agreement. It can also come from the other parties to the lease agreement, your legal advisor, financial advisor, broker or mortgage intermediary, other HSBC companies, or other sources you’ve asked us to obtain information from. We might also get some of it from publicly available sources.

The information that we collect from you may include information relating to an employee, director or any other person who exercises control over an entity (“Controlling Person”). For a trust, a Controlling Person may include a settlor, a trustee, a protector, beneficiaries and classes of beneficiaries. We may also collect information relating to individuals connected with a director, an entity or a Controlling Person, such as any guarantor, a director or officer of a company, partners or members of a partnership, or beneficial owner, trustee, settlor or protector of a trust, account holder of a designated account, payee of a designated payment, your representative, agent or nominee, or any other persons or entities with whom you have a relationship that is relevant to your relationship with the HSBC Group companies (“Connected Person”). Prior to providing information to us relating to a Controlling Person, a Connected Person or any other person, you shall ensure that they have consented to us processing their information as set out in this notice.

The information we collect may include:
Information that you provide to us, e.g.:

  • personal details, e.g. name, previous names, gender, occupation, date and place of birth;
  • contact details, e.g. address, email address, landline and mobile numbers;
  • information concerning your identity e.g. photo ID, passport information, National Insurance number, tax number, National ID card and nationality;
  • market research, e.g. information and opinions expressed when participating in market research;
  • other information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, email, online, or otherwise.
  • Banking information, e.g. details or instructions in order for us to make payments to you or receive payments from you

Information we collect or generate about you, e.g.:

  • information about your relationship with us; your bank account details (and those of your managing agent);
  • information we use to identify and authenticate you (e.g. your signature, additional information that we receive from external sources that we need for compliance purposes);
  • risk rating information, e.g. credit risk rating, transactional behaviour and underwriting information;
  • investigations data, e.g. due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among individuals, organisations, including emails, voicemail, live chat;
  • records of correspondence and other communications between us, including email, live chat, instant messages and social media communications;
  • information that we need to support our regulatory obligations, e.g. information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you or these activities.

How we’ll use your information

We’ll only use your information where we have your consent or we have another lawful reason for using it. These reasons include where we:

  • need to pursue our legitimate interests;
  • need to process the information to carry out a contractual agreement we have with you;
  • need to process the information to comply with a legal obligation;
  • have received your consent to process your information; or
  • believe the use of your information as described is in the public interest e.g. for the purpose of preventing or detecting crime.

The reasons we use your information include to:

  • approve, manage, administer or effect the property agreement between us;
  • meet the compliance obligations of the HSBC Group;
  • conduct financial crime (which includes money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, and any act or attempt to circumvent or violate any law relating to these matters) risk management activity (which will include making further enquiries as to the status of a person or entity, whether they are subject to a sanctions regime, or confirming their identity and status);
  • if applicable, collect any amounts due and outstanding from you;
  • conduct credit checks and obtaining or providing credit references (where you are a potential tenant of the HSBC Group);
  • enforce or defend our rights; and/or
  • verify your identity;

Further details of how we’ll use your information can be found in the Appendix below.

Tracking or recording what you say or do

To help keep you and your interests safe, we may record details of your interactions with us. We may record and keep track of conversations you have with us including phone calls, face-to-face meetings, letters, emails, live chats, video chats and any other kinds of communication. We may use these recordings to check your instructions to us, manage risk or to prevent and detect fraud and other crimes. We may also capture additional information about these interactions, such as telephone numbers that you call us from and information about the devices or software that you use. We use closed circuit television (CCTV) in and around our sites and these may collect photos or videos of you, or record your voice.

Compliance with laws and regulatory compliance obligations

We’ll use your information to meet our compliance obligations, to comply with other laws and regulations and to share with regulators and other authorities that HSBC Group companies are subject to. This may include using it to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We’ll only do this on the basis that it’s needed to comply with a legal obligation or it’s in our legitimate interests and that of others to do so.

Who we might share your information with

We may share your information with others where lawful to do so including where we or they:

  • have a public or legal duty to do so, e.g. to assist with detecting and preventing fraud, tax evasion and financial crime;
  • need to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
  • have a legitimate business reason for doing so, e.g. to manage risk, verify your identity, or assess your suitability for entering into a contractual agreement or lease with HSBC; and
  • have asked you for your permission to share it, and you’ve agreed.

We may share your information for these purposes with others including:

  • other HSBC group companies and any sub-contractors, agents or service providers who work for us or provide services to us or other HSBC Group companies (including their employees, sub-contractors, service providers, directors and officers);
  • people who give guarantees or other security for any amounts you owe us;
  • tax authorities, trade associations, credit reference agencies, payment service providers and debt recovery agents;
  • any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
  • law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
  • other parties involved in any disputes, including disputed transactions;
  • fraud prevention agencies who’ll also use it to detect and prevent fraud and other financial crime and to verify your identity;
  • anyone who provides instructions or operates any of your accounts on your behalf, e.g. Power of Attorney, solicitors, intermediaries, etc.;
  • anybody else that we’ve been instructed to share your information with by either you, a joint account holder or anybody else who provides instructions or operates any of your accounts on your behalf; and/or
  • fraud and risk checks.

How long we’ll keep your information

We keep your information in line with our data retention policy. For example we will normally keep your core lease agreement data for a period of seven years from the end of our relationship with you.

This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your property agreement and dealing with any disputes or concerns that may arise.

We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc.

If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.

Transferring your information overseas

Your information may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of protection for personal information. When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and / or for our legitimate interests. In some countries the law might compel us to share certain information, e.g. with tax authorities. Even in these cases, we’ll only share your information with people who have the right to see it.

You can obtain more details of the protection given to your information when it is transferred outside the EEA by contacting us using the details in the ‘More details about your information’ section below.

Your rights
You have a number of rights in relation to the information that we hold about you. These rights include:

  • the right to access information we hold about you and to obtain information about how we process it;
  • in some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. We may continue to process your information if we have another legitimate reason for doing so;
  • in some circumstances, the right to receive certain information you have provided to us in an electronic format and / or request that we transmit it to a third party;
  • the right to request that we rectify your information if it’s inaccurate or incomplete;
  • in some circumstances, the right to request that we erase your information. We may continue to retain your information if we are entitled or required to retain it;
  • the right to object to, and to request that we restrict, our processing of your information in some circumstances. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we are entitled to continue processing your information and / or to refuse that request.

You can exercise your rights by contacting us using the details set out in the ‘More details about your information’ section below. You also have a right to complain to data protection regulator in the country where you live or work.

Credit Reference Checks, Fraud and Money Laundering

Credit Reference Checks (applicable to sub-tenants only) If you are a sub-tenant, we may perform credit and identity checks on you with one or more credit reference agencies (CRAs). When you use our banking services, we may also make periodic searches at CRAs to manage your account with us.

To do this, we’ll supply your personal information to CRAs and they’ll give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply us with both public (including the electoral register) and shared credit information, financial situation, history and fraud prevention information.

We may use this information to:

  • assess if we you are able to perform the financial obligations placed on you under the property agreement;
  • verify the accuracy of the data you have provided to us;
  • prevent criminal activity, fraud and money laundering;
  • manage your property agreement;
  • trace and recover debts;
  • ensure any offers provided to you are appropriate to your circumstances.

Consequences of Processing
If we, or a fraud prevention agency, have reason to believe there is a fraud or money laundering risk, we may refuse to enter into the property agreement with you or terminate the existing relationship. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services to you. The information we hold about you could make it easier or harder for you to get credit in the future.

What we need from you
You’re responsible for making sure the information you give us is accurate and up to date, and you must tell us if anything changes as soon as possible. If you provide information for another person on your account, you’ll need to direct them to this notice and make sure they agree to us using their information as described in it.

How we keep your information secure
We use a range of measures to keep your information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.

More details about your information
If you’d like further information on anything we’ve said in this Privacy Notice, or to contact our Data Protection Officer, contact us at [email protected]. We will then direct your enquiry to the correct contact for your jurisdiction.

This Privacy Notice may be updated from time to time and any such updates will be communicated to you by HSBC.

Appendix – How we process your information

We’ll use your information for purposes including:

  • To deliver our services We’ll do this in order to perform our contract with you;
  • To prevent and detect crime including e.g. fraud, terrorist financing and money laundering: this will include monitoring, mitigation and risk management, carrying out customer due diligence, name screening, transaction screening and customer risk identification. We do this to comply with our legal obligations and because it is in our legitimate interest. We may share your information with relevant agencies, law enforcement and other third parties where the law allows us to for the purpose of preventing or detecting crime. Additionally we and other financial institutions may take steps to help prevent financial crime and manage risk. We’ll do this because we have a legitimate interest, a legal obligation to prevent or detect crime or it’s in the public interest. We may be required to use your information to do this, even if you’ve asked us to stop using your information. That could include (among other things):
  • screening, intercepting and investigating any payments, instructions or communications you send or receive (including drawdown requests and application forms);
  • investigating who you’re paying or who’s paying you, e.g. checks on payments into and out of your account and other parties related to those payments;
  • passing information to relevant agencies if we think you’ve given us false or inaccurate information, or we suspect criminal activity;
  • combining the information we have about you with information from other HSBC companies to help us better understand any potential risk;
  • checking whether the people or organisations you’re paying or receiving payments from are who they say they are, and aren’t subject to any sanctions.

Protecting our legal rights:
we may need to use your information to protect our legal rights, e.g. in the case of defending or the protection of legal rights and interests (e.g. collecting money owed, enforcing or protecting our security or defending rights of intellectual property); court action; managing complaints or disputes; in the event of a restructuring of companies or other mergers or acquisition. This may be in connection with action taken against you or other persons, e.g. joint borrowers or persons who give a guarantee or other security for your obligations to us. We would do on the basis that it is in our legitimate interests to do so.