We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG):
a. For the fulfilment of contractual obligations (Art. 6 (1) b GDPR)
Personal data is processed (Art. 4 (2) GDPR) for the purpose of fulfilling our contracts with our customers and business partners or to conduct steps, upon request, prior to entering into a contract.
b. As part of the balancing of interests (Art. 6 (1) f GDPR)
If necessary, we will process data that goes beyond what is necessary simply for the fulfilment of the contract in order to safeguard our own, or a third party's legitimate interests. Examples:
- Needs analyses with a view to contacting customers or prospects directly,
- Marketing, unless you have objected to the use of your data,
- Assertion of legal claims and defence in the event of legal disputes,
- Guaranteeing IT security and IT operations,
- Prevention and investigation of criminal offences,
- Building and site security measures (e.g. access controls),
- Measures to guarantee the domestic authority,
- Measures related to business management and the further development of products and services.
c. Based on your consent (Art. 6 (1) a GDPR)
If you have given us your consent to process personal data for specific purposes (e.g. to allow a phone call to be recorded or for you to be contacted by a prospective customer as a reference), the processing of this data is lawful on the basis of your consent. Consent can be withdrawn at any time. This also applies to the withdrawal of declarations of consent granted to us before the entry into force of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that this withdrawal of consent is not retroactive. Data processing that took place before consent was withdrawn is not affected.
d. On the basis of statutory provisions (Art. 6 (1) c GDPR) or in the public interest (Art. 6 (1) e GDPR)
We are also subject to a range of legal obligations, i.e. statutory requirements (under the German Anti-Money Laundering Act (GwG) and tax legislation, for example). Data is processed for purposes including identity checks, prevention of fraud and money laundering, the fulfilment of monitoring and reporting obligations under tax law, and the evaluation and management of risks within HSBC Transaction Services GmbH and the HSBC Group.