Privacy and security

To preserve the confidentiality of all information you provide to us, we have adopted the following policy with respect to privacy ("Privacy Policy").

In providing banking and financial services in Australia, HSBC Bank Australia Limited, and Hongkong and Shanghai Banking Corporation Limited, Sydney Branch ("HSBC", "we" "us") are bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) ("the Privacy Act"), our general law obligations of confidentiality to you and all other applicable guidelines and codes nationally.

All members of the HSBC Group take privacy seriously and are committed to observing HSBC’s privacy policies and information handling practices.

The HSBC Group is comprised of all its offices, branches, holding companies, subsidiaries, affiliates and any other entity in respect of which HSBC Holdings plc owns (directly or indirectly) 50% or more of the issued voting share capital or stock.

HSBC may disclose Personal Information to a number of HSBC Group companies and overseas Service Providers. For a list of countries in which HSBC operate and to whom it may disclose Credit Information, visit our website at or such other website as notified by HSBC (the "Website").

Our customers, account signatories, people and entities applying to open an Account with us or anyone associated with such people and entities and whose Personal Information has been provided to us are referred to in this Privacy Policy as "you".

By maintaining our commitment to this Privacy Policy, we at HSBC will ensure that we respect the inherent trust that you place in us.

This privacy policy deals with Personal Information that does not include your Credit Information. Please refer to our Credit Information Management Policy for information on how we collect, use, store and disclose information pertaining to your credit file and information which may impact your credit file. This policy is available at

Kinds of Personal Information we collect and hold

Personal Information is information or an opinion about you, or information or an opinion that may reasonably identify you, whether or not the opinion is true or not and whether or not the information is stored in material form or not.

We may collect the following Personal Information about you:

  • name;
  • address;
  • gender;
  • nationality;
  • residency status;
  • landline and mobile telephone numbers;
  • e-mail address;
  • personal website details;
  • Tax File Number;
  • the name and contact details of individuals listed as referees within credit applications provided to us;
  • the name and contact details of your professional advisers or representatives such as your solicitor, accountant, conveyancer, financial planner, etc.
  • financial information;
  • transaction information where you have a product with us or use a service provided by us; and
  • any details contained within identity documents provided to us (such as the maiden name of your mother in your birth certificate, government identifiers such as a passport number, drivers licence number, Medicare card number, etc.)

We may also collect information about your credit worthiness, credit history, credit eligibility, repayment history information and default information. For further information about how we collect, store and handle credit information please refer to our Credit Information Management Policy.

How we collect and hold Personal Information

HSBC collects Personal Information from you:

  • when you apply to us for a product or service we offer;
  • when you update your Personal Information or the Personal Information of another person held by us; and
  • when you contact us or visit our website.

There may be instances where we collect Personal Information about an individual from third parties who have applied for a product or service that we offer, such as:

  • where a company is an applicant and details of company officeholders or account signatories are provided to us by the individual(s) applying on behalf of the company;
  • where a trustee is an applicant and details of the trustees and beneficiaries are provided to us by the individual(s) applying on behalf of the trust; or
  • where an applicant provides the details of their referees and professional advisers.

Where you have provided us with the Personal Information of another person, you confirm that every person whose Personal Information has been provided to us has been notified of this and has agreed to the collection, processing, disclosure and transfer of their Personal Information as set out in this Privacy Policy and any of our terms and conditions. You also confirm that you will inform such persons that they may have rights of access to, and correction of, their Personal Information.

Where a customer deals with us via an agent or attorney we will also collect the Personal Information of the agent or attorney when or before we deal with such person(s). We may also receive your updated Personal Information from third parties where we are trying to locate you.

If you have an account with us, we will collect information regarding transactions on such account including the account details of the recipient of funds.

In the event we receive unsolicited Personal Information, we will determine within a reasonable period after its receipt whether or not we could have collected such Personal Information under the Australian Privacy Principles. If we determine that we could not have collected such Personal Information under the Australian Privacy Principles and the information is not a Commonwealth Government identifier, then we will as soon as practicable either destroy the Personal Information or otherwise ensure it is de-identified, provided that it is lawful to do so. Otherwise, we will hold, use and disclose such Personal Information in accordance with this policy.

HSBC holds your Personal Information in the following ways:

  • within its computerised systems such as computer hard drives, e-mail programmes and electronic servers;
  • within HSBC Group owned data centres offshore;
  • physically, stored on both HSBC's premises and in the external premises of our service providers; and,
  • within USB sticks (only on an exceptional basis).

Purposes for which we collect, hold, use and disclose Personal Information

We collect the Personal Information we need to provide products and services we offer, which includes a broad range of credit, deposit, insurance and other financial products.

We collect, hold and disclose Personal Information for the following purposes:

  • to assess an application for a product or service and provide you with such product or service;
  • to enter into any transactions with you or on your behalf;
  • for any purpose related to the provision of a product or services to you and carrying out associated payments, administration and account services;
  • to assess an application made by you or on your behalf for another product or service that we or another HSBC Group company offers;
  • to promote, facilitate and manage the provision of any other HSBC products or services to you (including those products and services offered by others on our behalf);
  • to maintain, administer and update any other product or Service we or someone on our behalf offers to you and to link such other product or service to your existing product or service;
  • for planning, product development and research purposes and to seek your feedback on products and services (including those products and services offered by others on our behalf);
  • to identify and develop products or services that may interest you and market them to you (unless you ask us not to do so);
  • to analyse transaction details and transactions history to build peer/individual group profiling to enable us to compare your account, income and expenditure, and behaviours with peer groups, and for the development of, and use with internal risk tools;
  • to detect fraud, money laundering or terrorist financing activities as required under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) or breaches of Australian sanctions under the Charter of the United Nations Act 1945 (Cth), Autonomous Sanctions Act 2011 (Cth) and the Banking Act 1959 (Cth) or breaches of certain overseas sanctions law and comply with other regulatory requirements of Australian and certain overseas regulators;
  • to take any action we consider appropriate to meet our compliance obligations with respect to the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, or violations, or attempts to circumvent or violate any laws, regulations or governmental directives relating to these matters. Such action may include, but is not limited to: (a) screening, intercepting and investigating any instruction, communication, drawdown request, application for a product or service, or any payment sent to or by you or on your behalf, (b) investigating the source of or intended recipient of funds, (c) combining your Personal Information with other related information in our possession or the possession of the HSBC Group or, (d) making further enquiries as to the status of a person or entity, whether they are subject to a sanctions regime, or confirming the Customer's identity and status;
  • to facilitate any transactions entered into between you and another person, or provide any transactions entered into or performed by a person at your request and for or on your behalf;
  • to verify your identity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and confirm at periodic intervals whether such details are up-to-date whilst you have a product with us or are receiving a service from us. In doing this, HSBC may disclose your name, residential address and date of birth to a credit reporting body and request that credit reporting body to prepare and provide to HSBC an assessment of whether these details match (wholly or partly) information contained in your credit file held by such credit reporting body. The credit reporting body may compare your details with the names, residential addresses and dates of birth contained in credit information files of other individuals for the purposes of making the assessment. If you do not provide HSBC with your Personal Information as requested, HSBC may not be able to provide you with the products or services sought.
  • in the event of a government identifier such as a driver's licence number or passport number, provide such government identifiers to identity verification vendors including credit reporting bodies to authenticate your identity.

Who do we disclose Personal Information to?

Below are the organisations to whom we disclose your Personal Information. This is not an exhaustive list.

Where you apply for a credit product

  • credit reporting bodies in Australia such as Veda, Experian and Dun and Bradstreet;
  • mortgage insurers and re-insurers of mortgage insurance;
  • merchant retailers - where you have applied for a product through them;
  • introducers – where you have applied for a product or service through them;
  • debt collection agencies – where you have not met your payment obligations to us;
  • guarantors – for those customers whose credit obligations are guaranteed by another person, or who propose that their credit obligations be guaranteed by another person;
  • insurance companies and possibly also insurance brokers and agents – if you take out insurance in connection with a product or finance the payment of an insurance premium;
  • persons who have an interest in any property offered to HSBC as security;
  • persons acquiring an interest in your loan or credit account or who are involved in managing our corporate risk and funding functions (for example, organisations involved in securitisation).

Where we issue a deposit power bond at your request in connection with the purchase of a property

  • the vendor of the property;
  • the insurance company or guarantor on whose behalf we issue the bond; and
  • credit providers.


  • service providers to HSBC for example mailing houses, planning services, cards schemes, product development, research purposes, cheque processors, printers, lawyers, auditors, receivers and liquidators (these organisations are required to keep Personal Information we give them confidential and use it only for our purposes);
  • the directors, officers, employees, agents, contractors and sub-contractors of the above service providers;
  • anyone acting on your behalf, payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks;
  • alliance partners, where you have a co-branded product;
  • a financial planner, financial adviser, broker, agent or accountant – if you are introduced to us by, or apply to us through, them or if you authorise or request us to disclose information to them;
  • if you apply for an investment through our financial planning business, if you authorise someone else to operate your account (including an additional cardholder on a credit card account), that person;
  • if you use the Bank@Post service or you have your identity verified at a post office, Australia Post;
  • payment system operators and participants in payment systems;
  • if you have an account with another financial institution and you use one of our automatic teller machines, that other financial institution;
  • if you use a non-HSBC automatic teller machine, the owner/operator of that automatic teller machine;
  • where we decide to securitise loans; and
  • where we decide to sell or merge aspects of our business or where we acquire new businesses.

Government bodies, etc.

Personal Information may be used and disclosed for prudential, risk management and corporate government purposes. We may, only under proper authority, be required from time to time to disclose your Personal Information to local or overseas governmental or judicial bodies or agencies or regulators. We may also disclose your Personal Information to these bodies for law enforcement purposes or where HSBC or an HSBC Group member has a public duty to disclose your Personal Information.

We maintain strict security systems designed to prevent unauthorised access to your information by anyone, including our staff

The security of your information is important to HSBC and we take all reasonable precautions to protect your information from misuse, loss, unauthorised access, modification or disclosure.

All HSBC Group companies, all our staff and all third parties with permitted access to your information are specifically required to observe our confidentiality obligations to you

Some of the ways we protect your Personal Information include but are not limited to:

  • security of external and internal premises;
  • restricting access to Personal Information to employees who need it to perform their day-to-day employment functions;
  • providing employee training in relation to privacy and confidentiality;
  • data encryption technology and firewalls;
  • maintaining technology to prevent unauthorised computer access including identifiers and passwords; and
  • maintaining physical security over paper records. We will also de-identify your Personal Information where possible to ensure your anonymity and securely destroy your Personal Information where it is no longer needed for any purpose and after any regulatory timeframes for holding your Personal Information have expired.

Do not access Internet Banking from computer terminals which are shared with other users (e.g. Internet cafés), as it is difficult to ensure these computers are free of hacker programmes (someone might be able to access your personal/account information) as well as your Personal Information may be retrievable from the hard drive of such computers.

We may disclose your Personal Information outside of Australia

Being a global organisation, the HSBC Group leverages its global synergies to provide its products and services its customers. As such, HSBC may disclose your Personal Information to members of the HSBC Group located overseas in countries where we operate. A list of these countries can be found at, which may be updated from time to time.

All HSBC Group entities are required to comply with the higher information protection standard of either the HSBC Group Privacy Statement, which is based on the United Kingdom’s Data Protection Act 1999 (UK), which is a UK law similar to the Privacy Act 1988 (Cth) or local laws in the country in which the HSBC Group entity is operating. HSBC also must comply with its general law duty of confidentiality to you.

As such, if you apply for, or we provide you with, a product or service, you consent to the disclosure of your Personal Information to our offshore HSBC Group entities. Such HSBC Group entities will manage your Personal Information in accordance with the above requirements and for this reason we will not have to take such steps as are reasonable in the circumstances to ensure that HSBC Group entities do not breach the Australian Privacy Principles as such HSBC Group entities will be complying with HSBC’s Group Privacy Statement.

We aim to keep your Personal Information up-to-date

We rely on the Personal Information we hold about you in conducting our business. Therefore, it is important that the information we hold about you is accurate, complete and up-to-date. This means that from time-to-time we may ask you to tell us if there are any changes to your Personal Information. If you find that the Personal Information we hold about you is incorrect, please advise us immediately. To do so, you can visit an HSBC branch, call 1300 308 008 or write to The Privacy Officer at HSBC Bank Australia Limited, GPO Box 5302, Sydney NSW 2001.

For Personal Information held on our Global Banking and Markets, Commercial Banking or Business Banking customers, please contact your Relationship Manager in the first instance to discuss your situation. HSBC will correct information it has about you if it discovers, or you are able to show to a reasonable standard, the information is incorrect. If you seek correction and HSBC disagrees that the information is incorrect, HSBC will provide you with its reasons for taking that view.

In the event HSBC does not agree to correct your Personal Information you have a right to request the publication of an associated statement. At the time, HSBC will advise how to do this.

How you can access your Personal Information from us?

Individuals who would like more information about HSBC’s approach to privacy, or would like to find out what information we hold about them, are encouraged to visit an HSBC branch, call 1300 308 008 or write to The Privacy Officer at HSBC Bank Australia Limited, GPO Box 5302, Sydney NSW 2001.

For Personal Information held on our Global Banking and Markets, Commercial Banking or Business Banking customers, please contact your Relationship Manager in the first instance to discuss your situation.

For access to Credit Information we hold about you, please refer to our Credit Information Management Policy at

Generally, HSBC allows individuals access to the information it holds about them within a reasonable time after they have made a written request for access. In some instances, HSBC will refuse to give an individual access to requested information. Unless HSBC is unable to do so, it will provide the individual with the reason they have been refused access.

HSBC may also decide to provide you with limited information. Unless HSBC is unable to do so, it will provide the individual with the reason the request has been limited. This may be because the process you are asking about is commercially sensitive or the request is vexatious or frivolous or we are prevented from disclosing this information at law.

HSBC may charge a fee for informing an individual what Personal Information it has about them. This fee will be charged to cover HSBC’s reasonable costs in locating and supplying the information. Following the receipt of your requests for access to Personal Information, HSBC will be in contact and provide you with an estimate of the charges applicable.

If you have a complaint relating to your Personal Information

If you have concerns about the way in which we have handled your Personal Information or our compliance with the Australian Privacy Principles, you should contact our Customer Relations team.

At HSBC Bank Australia Limited we are committed to the delivery of excellence through the highest customer service standards.

Whether you are providing feedback, paying a compliment or making a complaint, your input is the key to inspiring our products and services.

There are several ways that you can lodge a complaint or provide feedback above we have handled your Personal Information or our compliance with the Australian Privacy Principles :

By Phone (8am to 7pm AEST):
Within Australia:
Toll Free: 1300 308 188
From Overseas:
+61 2 9005 8181

By Fax:
+61 2 9255 2647

By Mail:
Customer Relations Team
HSBC Bank Australia Limited
Level 36 - Tower 1 - International Towers Sydney | Barangaroo South
100 Barangaroo Avenue
Sydney NSW 2000

Alternatively, you can visit an HSBC Branch to discuss your situation. Global Banking and Markets, Commercial Banking and Business Banking customers should contact their Relationship Manager directly in the first instance.

You should advise the Customer Relations team or your Relationship Manager that your concern is in relation to a privacy matter and provide full details of your concern so that we may appropriately investigate. We may ask you to place your concerns in writing in order for us to fully understand and investigate the issues you have raised.

If you are not satisfied with the outcome of your complaint to us, you can contact the Financial Ombudsman Service by calling them on 1300 78 08 08, visiting their website at  or writing to them at GPO Box 3 Melbourne VIC 3001. This is a free dispute-resolution service of which HSBC is a subscriber.

You can also go to Office of the Information Commissioner, by calling them on 1300 363 992, writing to them at either GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601, or e-mailing them at or visiting their website at 

Responding to your complaint

We will attempt to respond to your complaint as soon as possible. However, where a matter is complex, we will write to you and advise you that we will attempt to resolve the matter within 30 days. If we need more time we will ask you for an extension to this period and give you the reasons why we need to have the period extended. If you do not consent to the extension sought by HSBC, we may not be able to resolve your complaint.

Joint information

Where you have a joint account with an individual or a number of individuals we will permit access to the account details and the operation or conduct of the account but will not provide you with access to the other individual’s Personal Information unless the person you have the joint account with has provided their consent or the law or a court order requires us to.


Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes and which allow us to provide you with customised services. Cookies can make the web more useful by storing information about your preferences on particular sites, thus enabling website owners to provide more useful features for their users. They can also help us provide information which is targeted to your interests. Cookies contain no name or address information or any information that will enable anyone to contact you via telephone, e-mail or any other means.

Most browsers are initially set to accept cookies. If you would prefer, you can set your browser to refuse cookies. However, given that we may sometimes use cookies, you may not be able to take full advantage of our website, if you do so.

Web beacons

Our web pages may contain electronic images, known as web beacons or spotlight tags. These electronic images enable us to count users who have visited certain pages of our website. Web beacons and spotlight tags are not used by us to access your Personal Information, they are simply a toll we use to analyse which web pages customers view, in an aggregate number.

There may also be specific and additional privacy provisions, which may apply to certain sections of our website, or accounts you hold with us or services provided to you, which will operate in addition to the provisions of this Privacy Policy. If there is any inconsistency between the provisions of this Privacy Policy and those other specific and additional provisions, the specific and additional provisions will prevail.

Please see and our various links such as privacy and security, terms of use, and Hyperlink Policy.

Direct Marketing

From time-to-time we or other members of the HSBC Group may use your Personal Information to inform you about our or other members of the HSBC Group’s products and services including special offers. We obtain your consent to market to you in the application form for our products or services unless you have specifically stated that you do not want us to contact you for this purpose.

If you do not wish to receive this information or wish to know the source who provided us with your Personal Information, simply let us know by visiting an HSBC branch, calling 1300 308 008 or writing to HSBC at GPO Box 5302, Sydney NSW 2001.

You can change your mind about receiving information about our products and services at any time. Simply let us know by phoning the above number or writing to the above address.

HSBC does not disclose your Personal Information to organisations outside of the HSBC Group for the purposes of allowing them to direct market their products or services to you unless you have otherwise consented.

If the law requires us to provide you with information about our products or services, we will provide that information to you even if you have elected not to receive information about our products and services generally.


If you deal with us by telephone it is possible your call may be monitored or recorded. The purpose of doing this will depend on which part of our business you are dealing with. We may record or monitor your call for training, quality, verification, consent, or authentication purposes.

Changes to our Privacy Policy

We may make changes to our Privacy Policy from time to time and for any reason. If we do, we will publish an updated Privacy Policy on our website.