This Privacy Notice outlines how particular members of the HSBC Group, as data controllers, use the personal information of individuals connected to institutional and corporate clients of The Hongkong and Shanghai Banking Corporation Limited, Bangkok Branch, in Thailand ("Client(s)") in the context of the banking relationship between us and those Clients.
Wherever we use the term "Connected Person", this means individual(s) connected to a Client and could be any guarantor, a director, officer or employee of a company, partners or members of a partnership, any substantial owner, controlling person, or beneficial owner, trustee, settlor or protector of a trust, account holder or authorised signatory of a designated account, recipient of a designated payment, a Client’s attorney or representative, agent or nominee, individuals who are clients of a Client, or any other persons with whom a Client has a relationship relevant to their relationship to the HSBC Group.
This Privacy Notice is applicable to Connected Persons of Clients of The Hongkong and Shanghai Banking Corporation Limited, Bangkok Branch ("we", "our" or "us").
This Privacy Notice explains what information we collect, how we will use that information, who we will share it with, the circumstances when we will share it and the steps we will take to make sure it stays private and secure. We may provide Connected Persons with separate or further information about how we collect and use information for particular products or services, in which case that information will also apply. This Privacy Notice does not apply to any other relationships a Connected Person may have with the HSBC Group, for example as a retail customer.
Clients must direct any individuals whose personal data we may collect and process, including Connected Persons, to this Privacy Notice and make sure they are aware, prior to providing their Personal Data to us or our obtaining their Personal Data, that we are using their Personal Data as described.
Any personal information allowing the identification of individuals, such as Connected Persons, is "Personal Data". We only collect Personal Data in line with relevant regulations and law. We may collect it from a range of sources. Some of it will come directly from Clients or Connected Persons, or we may generate some of it or obtain it from publicly available sources.
Personal Data may include:
Personal Data we collect or generate may include:
Information we collect from other sources may include:
Personal Data may be processed, used and stored by us and/or by third parties for the following purposes, which are carried out for our or a Client’s legitimate interests unless otherwise stated:
We may use automated systems to help us assess credit, financial crime or fraud risk associated with the provision of products and services.
We may use Personal Data for marketing purposes. We may send Connected Persons marketing messages in different ways (e.g. post, email, online and mobile banking or secure e-messages) with information about our products and services. We will ask for permission if required. If anyone whose Personal Data we hold asks us not to send them marketing materials, it may take us a short period of time to update our systems and records to reflect that request, during which time they may continue to receive marketing messages.
We may use Personal Data for market research and to identify trends. Market research agencies acting on our behalf may get in touch by post, telephone, email or other methods of communication to invite individuals to take part in research. Any responses provided whilst participating in market research will be reported back to us anonymously unless permission to share those details are given.
We may record and keep track of conversations anyone acting on behalf of our Clients, including Connected Persons, have with us – including phone calls, face-to-face meetings, letters, emails, live chats, video chats and any other kinds of messaging. We use these recordings to check instructions, assess, analyse and improve our service, train our people, manage risk or to prevent and detect fraud and other crimes. We may capture telephone numbers that we are called from and information about the devices or software used.
We may share Personal Data for the above purposes with the following data recipients:
Personal Data may be transferred to and stored in locations outside Thailand, including in countries that may not have the same level of protection. When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer Personal Data in this way to perform our contract with a Client, to fulfil a legal obligation, to protect the public interest and/or for legitimate business interests.
In some countries the law might compel us to share certain information, e.g. with Tax Authorities. Even in these cases, we will only share information with people who have the right to see it.
More details of the protection given to Personal Data when it is transferred outside Thailand can be obtained by contacting us.
We may share aggregated or anonymised information outside of the HSBC Group with partners such as research groups, universities or advertisers. For example, we may share such information publicly to show trends about the general use of our services. However, it will not be possible for individuals to be individually identified from this information.
We keep Personal Data in line with our data retention policy. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as account management account and dealing with any disputes or concerns that may arise. For example, we’ll normally keep core banking data for a period of ten years from the end of our relationship with a Client. We may need to retain Personal Data for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes, e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain Personal Data information for this period of time, we may destroy, delete or anonymise it more promptly.
Individuals whose Personal Data we process, including Connected Persons, have a number of rights in relation to their Personal Data. These rights include:
You can exercise your rights by contacting us using the details set out below. You may also have a right to complain to Thailand Personal Data Protection Committee.
If we, or a fraud prevention agency, determine that a fraud or money laundering risk is posed, we may refuse to provide the services and credit requested or we may stop providing existing products and services to a Client or Connected Persons. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services.
Clients should ensure that any Personal Data they provide to us is accurate and up-to-date, and direct relevant individuals to this Privacy Notice and make sure they understand how we use their information as described in it prior to providing their Personal Data to us, or our obtaining their Personal Data from other sources. They should also draw their attention to the section on their rights.
We use internal technical and organisational measures to keep Personal Data safe and secure which may include encryption, and other forms of security measures. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
Individuals may request further information on any of the information above, or contact our Data Protection Officer at HSBC Building, 968 Rama IV Road, Silom, Bangrak, Bangkok 10500 addressed ‘for the attention of the DPO'.
"Authorities" includes any judicial, administrative, public or regulatory body, any government, any Tax Authority, securities or futures exchange, court, central bank or law enforcement body, or any of their agents, with jurisdiction over any part of the HSBC Group.
"Compliance Obligations" means obligations of the HSBC Group to comply with: (a) Laws, or international guidance and internal policies or procedures, (b) any demand and/or requests from Authorities or reporting, regulatory trade reporting, disclosure or other obligations under Laws, and (c) Laws requiring HSBC to verify the identity of our customers and/or Connected Persons.
"Financial Crime Risk Management Activity" means any action that HSBC, and members of the HSBC Group, are required, and may take as they consider appropriate in their sole and absolute discretion, to meet Compliance Obligations in connection with the direction, investigation and prevention of Financial Crime, including but not limited to: (a) screening, intercepting and investigating any instruction, communication, drawdown request, application for Services, or any payment sent to or by a Client or on their behalf, (b) investigating the source of or intended recipient of funds, (c) combining Personal Data with other related information in the possession of the HSBC Group, and/or (d) making further enquiries as to the status of a person or entity, whether they are subject to a sanction regime, or confirming a Client’s or Connected Person’s identity and status.
"Financial Crime" means money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, and/or violations, or acts or attempts to circumvent or violate any Laws relating to these matters.
"Laws" means any applicable local or foreign statute, law, regulation, ordinance, rule, judgement, decree, voluntary code, directive, sanctions regime, court order, agreement between any member of the HSBC Group and an Authority, or agreement or treaty between Authorities and applicable to HSBC or a member of the HSBC Group.
"Services" includes, without limitation, (a) the opening, maintaining and closing of bank accounts, (b) providing Clients with credit facilities and other banking or investment products and services (including, for example, securities dealing, investment advisory, broker, agency, custodian, clearing or technology procuring services), processing applications, ancillary credit assessment and product eligibility assessment, and (c) the maintenance of HSBC’s overall relationship with Clients, including promoting financial services or related products to Clients, market research, insurance, audit and administrative purposes.
"Tax Authorities" means domestic or foreign tax, revenue, fiscal or monetary authorities.
Notice to Thai Customers and Others relating to Personal Data Protection Act B.E. 2562 (2019)
The Personal Data Protection Act B.E. 2562 (2019) ("PDPA") establishes a data protection law in Thailand that governs the collection, use, disclosure and cross-border transfer of personal data. Please click here for information on how we manage your personal data in accordance with the PDPA.