HSBC takes your privacy seriously.
HSBC Private Bank (Luxembourg) S. A. (‘HSBC’) collects, uses and shares information about you so that it can provide you with a bank account and related services.
This App Privacy Notice explains how HSBC collects, uses and shares your information when you use this app, including information about the device that the app is installed on e.g. your mobile phone or tablet.
Personal information collected by this app and why we process it
This table explains what information HSBC collects from your device, how it uses it, and whether it shares it.
In some cases, e.g. when accessing the contacts stored on your device, or photos that you take with your device HSBC will first ask your permission. HSBC may share your information with other HSBC group companies and any sub-contractors, agents or service providers who work for us or other HSBC group companies (including their employees, sub-contractors, service providers, directors and officers) to provide you with products or services that you ask for (such as bank accounts and payments) and as explained in our main privacy notice - this type of data sharing is not included in the table.
| Permissions | Use for |
|---|---|
| Internet connection | Allows applications to connect to the internet. |
| Internet connection check | This allows us to check if you have a working internet connection. |
| Device state | Allows us to know if you are on a call while using the app. This helps us to detect and prevent fraud. |
| Device storage check | This allows the app to save files onto your device's external storage. |
| Device storage | This allows the app to save and send files from your device's external storage. |
| Biometric recognition |
Allows an app to use biometric recognition for your authentication. If you do so, we rely on your device’s technology to authenticate you and we do not collect or store your underlying biometric data. |
| WiFi connection | This allows us check if you have a working internet connection. |
| Communication | Allows Samsung devices to support Firebase Cloud Messaging (see “Cookies” section) |
| Communication | Allows Samsung devices to support Firebase Cloud Messaging & Apple Push Notification Service (see “Cookies” section). |
| Prevent phone from sleeping | Required by older versions of Google Play services to create Firebase Instance ID tokens. These tokens allow us to send notifications to customers. |
| Notification | Allows an app to popup notifications. |
| Google firebase Advertising ID | Allows an app to get the Google firebase Advertising ID, Google push feature will depends on this. |
| Permissions | Internet connection |
|---|---|
| Use for | Allows applications to connect to the internet. |
| Permissions | Internet connection check |
| Use for | This allows us to check if you have a working internet connection. |
| Permissions | Device state |
| Use for | Allows us to know if you are on a call while using the app. This helps us to detect and prevent fraud. |
| Permissions | Device storage check |
| Use for | This allows the app to save files onto your device's external storage. |
| Permissions | Device storage |
| Use for | This allows the app to save and send files from your device's external storage. |
| Permissions |
Biometric recognition |
| Use for | Allows an app to use biometric recognition for your authentication. If you do so, we rely on your device’s technology to authenticate you and we do not collect or store your underlying biometric data. |
| Permissions | WiFi connection |
| Use for | This allows us check if you have a working internet connection. |
| Permissions | Communication |
| Use for | Allows Samsung devices to support Firebase Cloud Messaging (see “Cookies” section) |
| Permissions | Communication |
| Use for | Allows Samsung devices to support Firebase Cloud Messaging & Apple Push Notification Service (see “Cookies” section). |
| Permissions | Prevent phone from sleeping |
| Use for | Required by older versions of Google Play services to create Firebase Instance ID tokens. These tokens allow us to send notifications to customers. |
| Permissions | Notification |
| Use for | Allows an app to popup notifications. |
| Permissions | Google firebase Advertising ID |
| Use for | Allows an app to get the Google firebase Advertising ID, Google push feature will depends on this. |
| Permission | Use for |
|---|---|
| Camera Access | Allows our app to access your device’s camera for facial recognition. |
| Facial Recognition | Allows our app to use facial recognition for your authentication. If you do so, we rely on your device’s technology to authenticate you and we do not collect or store your underlying biometric data. |
| Location | Allows our app to access your location to help us detect and prevent fraud. |
| Permission | Camera Access |
|---|---|
| Use for | Allows our app to access your device’s camera for facial recognition. |
| Permission | Facial Recognition |
| Use for | Allows our app to use facial recognition for your authentication. If you do so, we rely on your device’s technology to authenticate you and we do not collect or store your underlying biometric data. |
| Permission | Location |
| Use for | Allows our app to access your location to help us detect and prevent fraud. |
| Name of cookie | Use for |
|---|---|
| AppDynamics | Allows us to track app performance so that it can keep running smoothly |
| Google Play Service | Allows us to recognise your approximate location |
| RASP | Allows us to detect and prevent malware and fraud, by collecting information about potential risks on your device, for example if it’s jailbroken or rooted, or if there are untrusted software keyboards or screen readers installed. |
| Tealium | Allows us to track your activity within the app to support future enhancements |
| Transmit Security | Allows us to secure your login and authentication |
| Name of cookie | AppDynamics |
|---|---|
| Use for | Allows us to track app performance so that it can keep running smoothly |
| Name of cookie | Google Play Service |
| Use for | Allows us to recognise your approximate location |
| Name of cookie | RASP |
| Use for | Allows us to detect and prevent malware and fraud, by collecting information about potential risks on your device, for example if it’s jailbroken or rooted, or if there are untrusted software keyboards or screen readers installed. |
| Name of cookie | Tealium |
| Use for | Allows us to track your activity within the app to support future enhancements |
| Name of cookie | Transmit Security |
| Use for | Allows us to secure your login and authentication |
Lawful ground
The cookies we use are either strictly necessary or optional. Depending on that the lawful ground for processing your personal data would be either:
- The performance of a contract entered into or of a commitment under which you and/or we are engaged;
- Comply with a legal or regulatory obligation;
- Safeguarding public interest, such as prevention or detection of fraud or financial crime;
- Consent;
- The protection of our legitimate interests.
Security and protection
We use your information to help protect you and ourselves against fraud or crime. For example, our service providers look at all use of our website to help block malicious activity. This helps keep you and us safe.
One of our security providers is Google ReCaptcha. Google asks us to tell you that this is subject to the Google Privacy Policy and Terms of Use.
We use a range of measures to keep your information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
How long we keep your personal information?
We’ll keep your information in line with our data retention policy. For example, we’ll normally keep your main banking information for a period of seven years from when our relationship with you ends. This allows us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. We may need to keep your information for longer where we need the information to comply with regulatory or legal requirements, help detect or prevent fraud and financial crime, answer requests from regulators etc. If we don’t need to keep information for this length of time, we may destroy, delete or anonymise it sooner.
Your rights
If you would like further information on any of the information above, please address questions, comments and requests to your usual contact person at HSBC Private Bank (Luxembourg) SA at 18 Boulevard de Kockelscheuer, L-1821 Luxembourg or to http://www.hsbc.lu
Want to know more about how we process personal data at HSBC?
This app is provided by HSBC Global Services (UK) Limited for and on behalf of HSBC, and all products and services accessed via this app are provided by HSBC.
Our data protection officer can be reached at the following address:
HSBC Continental Europe
Data Protection Officer – Délégué à la protection des données
38, Avenue Kléber
75116 Paris, France
Page last updated July 2023