Privacy Statement

This document sets out the Privacy Statement terms of (the 'Site'). This Site is operated by HSBC Continental Europe, which is owned by HSBC Holdings plc. By accessing this Site, you agree to be bound by these terms and the Terms of Use of the Site. Before using this Site, you should read these terms and the Terms of Use of the Site carefully, as well as our Cookie Policy ('Cookie Policy').

This privacy statement sets out our current policies and demonstrates our commitment to your financial privacy. We may change the content or services found on our Site at any time without notice, and consequently our privacy statement and the Terms of Use may change at any time in the future. You should also read our Cookie Policy to find out more about how HSBC and our trusted partners use cookies, which is relevant to your online security: we use cookies to make our website more secure and easier to use.

HSBC Continental Europe provides financial products and services through its affiliated companies and branches located worldwide. Privacy and personal data protection principles vary from one country to another. When you access or link to any other website, please read the privacy and data protection statements or agreements issued by such other website to determine the policies that apply to information or data maintained by that website.

HSBC's business has been built on trust between us and our customers. To preserve the confidentiality of all information you provide to us:

  1. HSBC will only collect information that it believes to be relevant and required to understand the customer's financial needs and to conduct HSBC's business.
  2. HSBC will use customer information to provide customers with better customer services and products.
  3. HSBC may pass customer information to other HSBC Group companies or agents, as permitted by law.
  4. HSBC will not disclose customer information to any external organisation unless HSBC have customer consent or are required by law or have previously informed the customer.
  5. HSBC may be required, from time to time, to disclose customer information to Governmental or judicial bodies or agencies or HSBC's regulators but HSBC will only do so under proper authority.
  6. HSBC aim to keep customer information up-to-date.
  7. HSBC maintain strict security systems designed to prevent unauthorised access to customer information by anyone, including HSBC staff.
  8. All HSBC group companies, or HSBC staff and all third parties with permitted access to customer information are specifically required to observe HSBC's confidentiality obligations.
  9. In respect with the details and personal information provided and entered by the data subject on the screen of the Bank's public website under the menu 'Request a callback/E-mail Us', these are kept and used only for the purpose of data process which is the call/e-mail the data subject requests for, whilst these details and personal information will not be retained after the completion of the purpose of their process.

By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you place in HSBC.


In order to develop our website in line with customer needs HSBC is working with Webtrends to track usage on our website. Webtrends provide HSBC with statistics to show us which pages on our website are visited most frequently and how long visitors spend on our website. We use this information to help us plan how we should improve the website. Webtrends uses a cookie to track the number of unique users of the site. It basically tells us whether we have a small number of regular visitors to the website or a large number of infrequent visitors. None of the information can be traced to an individual - we do not know who you are as a unique user, merely that there are a certain number of people using the website. The cookie only relates to what goes on in the HSBC website and the information cannot be used for marketing on an individual basis.

Privacy Notice

How we use personal information

Before we begin

This Privacy Notice outlines how we use the personal information of individuals connected to corporate and institutional clients of HSBC in Greece (“Client(s)”) in the context of the banking relationship between us and those Clients.

Wherever we use the term “Connected Person”, this means individual(s) connected to a Client and could be any guarantor, a director, officer or employee of a company, partners or members of a partnership, any substantial owner, controlling person, or beneficial owner, trustee, settlor or protector of a trust, account holder or authorised signatory of a designated account, recipient of a designated payment, a Client’s attorney or representative, agent or nominee, individuals who are clients of a Client, or any other persons with whom a Client has a relationship relevant to their relationship to the HSBC Group.

This Privacy Notice is applicable to Connected Persons of Clients of HSBC Continental Europe, Greece (“we”, “our” or “us”).

This Privacy Notice explains what information we collect, how we will use that information, who we will share it with, the circumstances when we will share it and the steps we will take to make sure it stays private and secure. We may provide Connected Persons with separate or further information about how we collect and use information for particular products or services, in which case that information will also apply. This Privacy Notice does not apply to any other relationships a Connected Person may have with the HSBC Group, for example as a retail customer.

Clients must direct any individuals whose personal data we may collect and process, including Connected Persons, to this Privacy Notice and make sure they are aware, prior to providing their Personal Data to us or our obtaining their Personal Data, that we are using their Personal Data as described.

What Data we collect

Any personal information allowing the identification of individuals, such as Connected Persons, is “Personal Data”. We only collect Personal Data in line with relevant regulations and law. We may collect it from a range of sources. Some of it will come directly from Clients or Connected Persons, or we may generate some of it or obtain it from publicly available sources.

Personal Data may include:

  • personal details, e.g. name, previous names, gender, date and place of birth, photo ID, passport information, government-issued ID number, national ID card and nationality;
  • contact details, e.g. address, email address, landline and mobile numbers;
  • information we use to identify and authenticate individuals acting on behalf of Clients. (e.g. their signature)

Personal Data we collect or generate may include:

  • information included in Client documentation (e.g. a record of instructions);
  • records about executed transactions (e.g. payment order), payment information including full beneficiary name, address and details of the underlying transaction;
  • marketing and sales information;
  • cookies and similar technologies we use to recognise individuals, remember them or their preferences and tailor the content we provide – our Cookie Policy contains more details;
  • customer due diligence and periodic review results, financial crime risk management rating, external intelligence reports, screening alerts
  • investigations data, e.g. due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among Clients and Connected Persons, us and other organisations or individuals, including emails, voicemail, live chat;
  • records of correspondence and other communications between us and Clients and Connected Persons;
  • information relating to complaints, including disputes/litigation (including legal strategy, document production, deposition and court transcripts);
  • information that we need to support our regulatory obligations, e.g. transaction details, any suspicious and unusual activity and information about Connected Persons.

Information we collect from other sources may include:

  • information Clients have asked us to collect for them, e.g. about transactions, accounts or holdings with other companies;
  • information from third party providers, e.g. information that helps us to combat fraud;
  • information relating to companies connected to Clients such as affiliates, their activity and business.

How we will use Personal Data


Personal Data may be processed, used and stored by us and/or by third parties for the following purposes, which are carried out for our or a Client’s legitimate interests unless otherwise stated:

  • the provision of services and to approve, manage, administer or effect any transactions that a Client may request or authorise;
  • allowing us to undertake data analytics to gather insights on our Client’s business;
  • the compliance with our legal obligations;
  • the meeting of Compliance Obligations;
  • the conducting of Financial Crime Risk Management Activity and other risk management activities;
  • the enforcement or defence of our rights or those of a member of the HSBC Group;
  • the pursuit of our legitimate business interest(s) such as to ensure compliance with our internal operational requirements or those of the HSBC Group (including credit and risk management, system or data base development, enhancement and planning, insurance, audit and administrative purposes);
  • the maintenance of HSBC or other members of the HSBC Group’s overall relationship with Clients, telling Clients and Connected Persons about our products, or carrying out market research.

We may use automated systems to help us assess credit, financial crime or fraud risk associated with the provision of products and services.

Marketing and market research

We may use Personal Data for marketing purposes. We may send Connected Persons marketing messages in different ways (e.g. post, email, online and mobile banking or secure e-messages) with information about our products and services. We will ask for permission if required. If anyone whose Personal Data we hold asks us not to send them marketing materials, it may take us a short period of time to update our systems and records to reflect that request, during which time they may continue to receive marketing messages

Tracking or recording what Connected Persons say or do

We may record and keep track of conversations anyone acting on behalf of our Clients, including Connected Persons, have with us – including phone calls, face-to-face meetings, letters, emails, live chats, video chats and any other kinds of messaging. We use these recordings to check instructions, assess, analyse and improve our service, train our people, manage risk or to prevent and detect fraud and other crimes. We may capture telephone numbers that we are called from and information about the devices or software used.

Who we might share Personal Data with

We may share Personal Data for the above purposes with the following data recipients:

  • other HSBC Group companies and any sub-contractors, agents or service providers who work for or provide services to us or other HSBC Group companies (including their employees, sub-contractors, directors and officers);
  • anyone acting on a Client’s behalf, payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks clearing houses, clearing or settlement systems, market counterparties, and any companies in which Clients have an interest in securities;
  • any party to a transaction acquiring interest in or assuming risk in or in connection with services;
  • other financial institutions, and/or credit reference agencies for the purposes of obtaining or providing credit reference and/or checks;
  • any companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with a Client;
  • law enforcement, government, courts, dispute resolution bodies, Tax Authorities, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
  • other companies who do marketing or market research for us;
  • other parties involved in any disputed transactions;
  • fraud prevention agencies, who’ll also use it to detect and prevent fraud and other financial crime and to verify identity;
  • anyone who provides instructions or operates any of a Client’s accounts on their behalf;
  • anybody else that we’ve been instructed to share Personal Data with by a Client or anybody else who provides instructions or operates any of Client’ accounts on their behalf;
  • any member of HSBC Group in connection with or arising from any reporting obligations to any competent Authorities of suspicious transactions by or involving a Client or Connected Persons or other third connected parties.

Transferring Personal Data overseas

Personal Data may be transferred to and stored in locations outside the European Union or European Economic Area (EEA), including in countries that may not have the same level of protection. When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer Personal Data in this way to perform our contract with a Client, to fulfil a legal obligation, to protect the public interest and/or for legitimate business interests.

In some countries the law might compel us to share certain information, e.g. with Tax Authorities. Even in these cases, we will only share information with people who have the right to see it.

More details of the protection given to Personal Data when it is transferred outside the EEA can be obtained by contacting us.

Sharing Aggregated or Anonymised Information

We may share aggregated or anonymised information outside of the HSBC Group with partners such as research groups, universities or advertisers. For example, we may share such information publicly to show trends about the general use of our services. However, it will not be possible for individuals to be individually identified from this information.

How long we will keep Personal Data

We keep Personal Data in line with our data retention policy. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as account management account and dealing with any disputes or concerns that may arise. For example, we’ll normally keep core banking data for a period of five years from the end of our relationship with a Client. We may need to retain Personal Data where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes, e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain Personal Data information for this period of time, we may destroy, delete or anonymise it more promptly.

Rights of individuals

Individuals whose Personal Data we process, including Connected Persons, have a number of rights in relation to their Personal Data. These rights include:

  • the right to access Personal Data we hold about them and to obtain information about how we process it;
  • in some circumstances, the right to withdraw their consent to our processing of their Personal Data. In this case, we may continue to process Personal Data if we have another legitimate reason for doing so;
  • the right to request that we rectify their Personal Data if it’s inaccurate or incomplete;
  • in some circumstances, the right to request that we erase their Personal Data. We may continue to retain Personal Data if we’re entitled or required to retain it;
  • the right to object to, and to request that we restrict, our processing of their Personal Data in some circumstances. Again, there may be situations where we may be entitled or required to continue processing and / or to refuse that request.

Consequences of Processing

If we determine that a fraud or money laundering risk is posed, we may refuse to provide the services and credit requested or we may stop providing existing products and services to a Client or Connected Persons. A record of any fraud or money laundering risk will be retained by us, and may result in others refusing to provide services.

What we expect from Clients

Clients should ensure that any Personal Data they provide to us is accurate and up-to-date, and direct relevant individuals to this Privacy Notice and make sure they understand how we use their information as described in it prior to providing their Personal Data to us, or our obtaining their Personal Data from other sources. They should also draw their attention to the section on their rights.

How we keep Personal Data secure

We use internal technical and organisational measures to keep Personal Data safe and secure which may include encryption, and other forms of security measures. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.

More details about us

Individuals may request further information on any of the information above, or contact our Data Protection Officer, by writing to HSBC Continental Europe, Greece, 109-111, Messoghion Avenue 115 26, Athens Greece addressed “For the attention of the DPO”.

This Privacy Notice may be updated from time to time, and you’ll always be able to find the most recent version on this site.

Privacy Notices valid from 25th May 2018

Contact us

Call us on:

+30 210 696 2130