How we collect and use your personal information
It is important that you take the time to read and understand this notice so that you understand how we will use your personal information and your rights in relation to your personal information.
Before we begin
This notice applies to any personal data processed by HSBC Asset Management (France), acting as data controller, with regards to products and services offered to professional clients, institutional investors, financial intermediaries and any other companies.
This notice explains the kind of data we may collect from you or your connected persons, how we will use that data, who we might share it with, and what steps we’ll take to make sure it stays private and secure. This notice continues to apply even if your agreement with us ends.
This notice concerns all processing of personal data controlled by HSBC Asset Management (France) and its branches based in Italy, Spain and Sweden. If you are in relation with another HSBC entity, you will receive a dedicated communication if relevant and necessary.
Some of the hyperlinks on our websites can redirect you to external websites that do not belong to HSBC. Those websites have their own policies and confidentiality notices which can differ from our own: it is important that you take the time to read and understand those documents as well.
All individuals, whose personal data you transfer to us, must be informed, in particular with this privacy notice, of the way we may collect and process their data. Those individuals must be made aware, among other information, of their rights.
Wherever we say ‘you’ or ‘your’, this means any individual who deals with us and, if you are acting on behalf of a company, trust or pension fund, for and on behalf of that company, trust or pension fund (e.g. directors, employees, consultants, agents) or other people connected to your account (including employees, authorised signatories, partners, members and trustees) and in relation with HSBC.
Wherever we say ‘HSBC’, ‘we’ or ‘our’, this includes HSBC Asset Management (France) and other HSBC Group companies. For the purposes of data protection law, HSBC Asset Management (France) is the data controller in relation to your information.
This notice only applies to information about individuals.
What information do we collect and how do we collect them?
The information we collect or have about you might come from different sources. Some of it may come directly from you and others may have been collected, in compliance with applicable laws and regulations, in the past or from other HSBC entities. We can also collect information when we communicate with you, when you call us or exchange emails, when you visit our websites or our offices.
Some information may also come from publicly available sources (e.g. press or the internet) or third parties (e.g. fraud prevention agencies). Some information may also be the result of combining different sets of information.
Information that you provide to us may include:
- information concerning your identity (e.g. name, date and place of birth, signature, or identification information);
- contact information such as your postal address, email address, phone numbers; o information that you give us when entering into an investment management agreement with us, applying for shares or units in any fund, or by communicating with us, whether face-to face, by phone, e-mail, or otherwise.
Information we collect or generate about you may include:
- client relationship information, transactions information and other financial information;
- geographic information;
- information included in relevant customer documentation (e.g. record of advice) and other comparable information;
- marketing and sales information, such as details of the advice and services you receive;
- information linked to our internal investigations and diligences, in particular those made in relation to the rules on asset freeze, sanctions, the fight against money laundering and terrorism financing and any information linked to the controls made on our communication tools;
- records of communications between you and us, including telephone conversations and e-mail communications;
- information we need to comply with our legal and regulatory obligations including data relating to your financial transactions and all information necessary to detect suspicious or abnormal activities linked to you or persons related to you.
Information we obtain from other sources may include:
- communications information (e.g. email information, third party information, chat information, instant messages, corporate and media broadcasts, disputes/litigation, correspondence between solicitors and stakeholders and transcripts or minutes).
How do we use your information?
We will process your personal data based on one or several of the following lawful reasons:
- you have provided us with your consent for the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you and we are party or in order to take steps, at your request, prior to entering into a contract;
- processing is necessary for compliance with a legal or regulatory obligation we are subject to;
- processing is necessary to protect our legitimate interests (such as relationship between you and us, fraud prevention, marketing purposes, network and information security);
- processing is necessary to preserve the public interest.
We will process your personal data for several purposes, including to:
- ensure the defence of our rights and compliance with all our legal and regulatory obligations;
- detect and prevent fraud and money laundering;
- provide you with information, products and services you may request from us;
- manage our relationship with you – including (if you agree or unless you tell use otherwise) telling you about our products, or carrying out market research;
- manage our internal operational requirements for risk management, system or product development and planning, insurance, audit and administrative purposes.
[See Appendix 1]
Compliance with our legal and regulatory obligations
We process your personal data in order to comply with any legal and regulatory obligations and as the case may be share them with a regulator or a public authority but always subject to applicable laws. The purpose of this processing is to detect and prevent any offense or financial crime (including terrorism financing and money laundering) and is based on a legal obligation.
Tracking or recording what you say or do
We may record and keep track of conversations you have with us – including phone calls, face-to-face meetings, letters, emails, live chats, video chats and any other kinds of messaging in order to use these recordings to check your instructions to us, assess, analyse and improve our service, train our people, manage risk or to prevent and detect fraud and other crimes. We use closed circuit television (CCTV) in and around our offices for security purposes and so we may collect photos or videos of you, or record your voice through CCTV.
Marketing and market research
We may use your information for marketing purposes and we will do this on the basis that it is in our legitimate interest. With your freely-given permission, we may send you marketing messages by email, text, phone, sms or secure messages with information about our products and services. Should you decide not to give your consent or provide your personal data for marketing purposes, there will not be any consequence. You can tell us at any time if you would like or no longer like to receive marketing information by contacting us using the contact details set out in ‘More details about your information’ section below, or whenever you apply for products and services. You can withdraw your consent also selectively (e.g. by telling us that you wish to receive no more telephone calls, but you wish to continue receiving communications by email, text, sms or secure messages). If you ask us not to send you marketing information, it may take us a short period of time to update our systems and records to reflect your request, during which time you may continue to receive marketing information. Even if you tell us not to send you marketing information, we will continue to use your contact information to provide you with important service information, such as changes to your terms and conditions and fund reporting, or where we’re required to do so by law.
Who do we share your information with?
We may transfer and disclose your information to:
- other HSBC group companies and any sub-contractors, agents or service providers who work for, or provide services to, us or other HSBC group companies (including their employees, sub-contractors, directors and officers);
- anyone who deals with us in relation to your investment and agreement with us (e.g. financial adviser), the people you make payments to, your beneficiaries, intermediary, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, and any companies you hold securities in through us (e.g. stocks, bonds or options);
- other financial institutions, fraud prevention agencies, tax authorities, trade associations;
- any person, company or other entity that has an interest in or takes on the risk in relation to or in connection with the products or services that we provide to you;
- any prospective or new HSBC companies (e.g. if we restructure, or acquire or merge with other companies) – or any businesses that buy part or all of any HSBC company;
- to auditors, regulators, TRACFIN in France or any other similar entity in other countries, Banque de France in France or any other similar entity in other countries or dispute resolution bodies and to comply with their requests;
- other companies who do marketing or market research for us;
- if there’s a dispute over a transaction, anyone else who’s involved;
- law enforcement, government, courts, regulators or public administration and authorities.
Transferring your information overseas
Your information may be transferred to, and stored at, a destination outside the European Union (“EU”), including locations which may not have the same level of protection as France, Italy, Spain, Sweden or the European Union, for personal information. We will transfer your information in this way only to perform our contract with you, to fulfil a legal obligation, to protect the public interest and/or to protect our legitimate interests.
Where we transfer your information outside the EU, we will always ensure that it is protected. To do so, we will implement safeguards, such as encryption and contractual arrangements including the EU model clauses, for all transfer of personal data. However, we may transfer your personal data to third countries which have not been recognised, by the European Commission, as providing an adequate level of data protection.
You can obtain more details of the protection given to your information when it is transferred outside the EU by contacting us in accordance with the “More details about your information” section below.
How long do we keep your information?
We will keep your personal data as long as you use our services and platforms (such as our website). We may also continue to hold onto your data, once you have stopped using our services and platforms, in particular to comply with applicable laws and regulations, to protect our legitimate interests or assert our rights. We will not keep them longer than necessary and, as required by applicable laws and regulations, we will either destroy them in a secure manner or anonymise them, once we no longer need to keep them.
Some data can be kept for longer period in order to answer potential claims or litigation, comply with applicable legal and regulatory obligations and answer requests from regulators and public authorities.
You have a number of rights in relation to the information that we hold about you:
- the right to obtain information regarding the processing of your information and access to the information we hold about you;
- the right to withdraw your consent to our processing of your information at any time. Please note, however, that we may still be entitled to process your information if we have another legitimate reason for doing so;
- in some circumstances, the right to receive some information electronically and/or request that we transmit the information to a third party where this is technically feasible. Please note that this right only applies to information you have provided to us;
- the right to request that we amend, rectify or complete your information if it is inaccurate or incomplete;
- the right to request that we erase your information in certain circumstances. Please note that there may be legal or regulatory provisions as well as legitimate interests that may allow us to retain your data;
You also have the right to object to and the right to request that we restrict our processing of your information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your information but we have a legitimate interest to continue processing your information and / or to refuse that request.
You can exercise your rights by contacting us using the details set out in the “Exercise of your rights/more details about your information” section below. You can find out more information about your rights on the CNIL website: https://www.cnil.fr. You also have the right to lodge a complaint in the Member State of your habitual residence, place of work or place of the alleged infringement of your right.
In France, you can lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (please click here or contact the CNIL at this address: CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 Paris - Cedex 07 - France).
In Italy you can lodge a complaint with the Garante per la protezione dei dati personali (please click here or contact the GPDP at this address: GPDP - Piazza Venezia 11 – 00187 Roma – Italy, e-mail firstname.lastname@example.org).
In Spain you can lodge a complaint with the Agencia Española de Protección de Datos (please click here or contact the AEPD at this address: AEPD - C/ Jorge Juan, 6 28001- Madrid - Spain).
In Sweden you can lodge a complaint with the Datainspektionen (please click here or contact the Datainspektionen at this address: Datainspektionen, Box 8114, SE-104 20 Stockholm, Sweden Office address: Drottninggatan 29, 5th floor, Stockholm, Sweden).
What do we expect from you?
You are responsible for making sure the information you give us is accurate and up to date. And you must tell us if anything changes, as soon as possible.
If you give us any personal information that does not relate to you (e.g. information about your financial adviser and/or your employees), you must obtain the necessary consent to disclose such personal information, tell them what information you have given to us, and make sure they agree we can use it as set out in this notice. You must also tell them how they can see what information we have about them and correct any mistakes.
How do we keep your information secure?
We implement internal technical and organisational measures to keep your information safe and secure which may include encryption, anonymisation and physical security measures. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
More details about your information
If you would like further information on the above, or to exercise your rights, please address questions, comments and requests to:
HSBC Asset Management (France) Italian branch - email@example.com
Or our Data Protection Officer at:
HSBC France – Délégué à la Protection des Données - 103 Avenue des Champs Elysées – 75008 Paris
This Privacy Notice may be updated from time to time, please see the latest version here.
Appendix 1 – What are the purposes of our processing of your data?
We will process your information for the following purposes:
- Deliver our products and services, or process your transaction in order to meet your investment objectives: We will use your information to provide you with our products and services and to process your transactions. We will do this in line with our legitimate interests, legal obligations and in order to perform our contract with you.
- Compliance with Laws and Regulations: comply with the law, or any relevant rules or regulations. This may include to help detect or prevent crime (including terrorism, money laundering and other financial crimes), filing of relevant reports to regulators, disclosing information to authorities, regulators or government agencies to fulfil our legal obligations. This processing is carried out to comply with legal obligations, because it is in the public interest or because it is in our legitimate interest to do.
Preventing and Detecting Crime: We will use your information to take measures to prevent crime including fraud monitoring and mitigation and fraud risk management, carrying out customer due diligence, name screening, transaction screening and customer risk identification, in order to comply with our legal obligations, because this is in the public interest to carry out and assess risk in our legitimate interest. We may share your information with fraud agencies, law enforcement and other third parties where the law allows us to for the purpose of preventing or detecting crime. Additionally we may take steps along with other financial institutions to help prevent financial crime and manage risk where we have a legitimate interest or public interest to do so, such as where it is important to prevent or detect crime. We may be required to use your information to do this, even if you have asked us to stop using your information. That could include (among other things):
- screening, intercepting and investigating any payments, instructions or communications you send or receive (including drawdown requests and application forms);
- investigating who you’re paying or who’s paying you e.g. checks on payments in and out of your account;
- passing information to fraud prevention agencies, if we think you’ve given us false or inaccurate information, or we suspect fraud;
- combining the information we have about you with information from other HSBC companies;
- checking whether the people or organisations you’re paying or receiving payments from are who they say they are, and aren’t subject to any sanctions.
- Security and Business Continuity: we take measures to aid business continuity, information security and we undertake physical security activities in order to fulfil our legal obligation and for internal risk strategy purposes as required in our legitimate interest.
- Risk Management: We will use your information to measure, detect and prevent the likelihood of financial, reputational, legal, compliance or customer loss. This includes credit risk, traded risk, operational risk & insurance risk. We will do this to fulfil our legal obligation and also because we have a legitimate interest in using your information for these purposes.
- Product & Service Improvement: We will use your information to identify possible service and product improvements (including profitability) by analysing information. The lawful basis for processing your information for this purpose is our legitimate interests.
- Information as a product: Where we collect your information for another purpose, e.g. for client on boarding, we may share such information or analytics results with third parties including other HSBC entities where it is in our legitimate interest to do so. The information may be presented as research whitepapers, the delivery of customer-specific information or insights back to same customer, credit checks, and anonymisation of information for the wider market. If we need to process your information for any other purpose, we will notify you with details of the new purpose (and obtain consent, if required) prior to that further processing.
- Marketing: We will use your information to provide you with information about HSBC products and services. The lawful basis for this is our legitimate interest. If you are an existing customer, or we have interacted with you before, we may send you marketing messages by email, fax, telephone, text or secure messages. Otherwise, we will get your permission to send you any marketing messages. We will always give you an opportunity to opt-out of receiving such marketing messages whenever you interact with us and whenever we send you any messages. Please refer to our ‘Marketing’ section of this policy for more information on marketing and your rights in relation to marketing.
- Protecting our legal rights: We may need to use your information to protect our legal rights such as in the case of defending or the protection of legal rights and interests (e.g. collecting money owed; defending rights of intellectual property); court action; managing complaints or disputes; in the event of a restructuring of companies or other mergers or acquisition. We would use this on the basis of legitimate interests.