Skip to content

Our Privacy Notice for Swiss business customers

Effective from 15th of December 2025

1. Before we begin

This notice (Privacy Notice) applies to information held about you and persons connected to your business by HSBC Bank plc, London, Zurich branch as data controller, as described below. It explains what information we collect about you and individuals who are connected to your business, how we’ll use that information, who we’ll share it with, the circumstances when we’ll share it, and what steps we’ll take to make sure it stays private and secure.

It continues to apply even if your agreement for banking, or other products and services with us, ends. It should also be read alongside your banking terms and conditions (or other applicable product or service terms and conditions), as these may include sections relating to the use and disclosure of personal data.

This Privacy Notice covers any commercial banking products or services you have with us, including savings, loans, credit cards, commercial mortgages, investments, trade finance, invoice financing, asset financing and payment services. Sometimes we may need to provide you with separate or further information about specific products and services. This will also apply if you have a relationship with other entities of the HSBC Group in any other countries. These entities will provide you separately with information on the processing of personal data, where required.

Some of the links on our websites lead to other HSBC or non-HSBC websites with their own privacy notices, which may be different to this notice. You’ll need to make sure you’re happy with their privacy notices when using those sites.

Wherever we’ve said ‘you’ or ‘your’, this means you, any person authorised to act on your account, anyone who does your banking or deals with us for you (eg trustees or executors, representatives under a power of attorney) and other related people (including authorised signatories, partners, members, trustees and beneficiaries of payments).

This notice relates to legal entities and to individuals, which includes individuals whose business does not have a separate legal identity (e.g. sole proprietorships and partners in a general partnership) and persons (legal entities / individuals) connected to your business.

An individual connected to your business could be any guarantor, a director, officer or employee of a company, partners or members of a partnership, any substantial owner, controlling person, or beneficial owner, trustee, settlor or protector of a trust, account holder of a designated account, recipient of a designated payment, your attorney or representative (e.g. authorised signatories), agent or nominee, or any other persons or entities with whom you have a relationship that’s relevant to your relationship with us.

Before you (or anyone on your behalf) provide information about a person connected to your business to us, or an entity of the HSBC Group, you must ensure that you have a justification (e.g. legitimate interest or consent of the relevant person). You must also ensure that such person has been provided with this notice, which explains the way in which his/her/its information will be processed and his/her/its rights in relation to his/her/its information.

When we say ‘we’, we mean HSBC Group companies which act as a data controller in respect of your personal data. Unless otherwise stated below, the data controller for the purposes of this notice will be HSBC Bank plc, London, Zurich branch.

The address for HSBC Bank plc, London, Zurich branch is Gartenstrasse 26, 8002 Zurich, Switzerland. If you’d like to get in touch with us, you can also find contact details below.

When you have a contractual relationship with another HSBC Group company, this entity will act as a data controller for the personal data collected in relation to the product or service it provides you with and such processing of personal data will be governed by the privacy notice (or equivalent document) of such HSBC Group company.

2. What information do we collect relating to you and persons connected to your business?

We’ll only collect your information and information relating to persons connected to your business, in line with relevant regulations and law. We may collect it from a range of sources and it may relate to any of our products or services you apply for, currently hold or have held in the past. We may also collect information about you and persons connected to your business when you or they interact with us, e.g. visit our websites or mobile channels, call or visit us, or ask about any of our products and services.

Some of this information will come directly from you and persons connected to your business, eg when providing ID to open an account. It can also come from your financial advisor, solicitor, broker or other intermediary, other HSBC Group companies, or other sources you’ve asked us to obtain information from. We might also get some of it from publicly available sources.

The information we collect may include:

Information relating to you and persons connected to your business that you provide to us, or which others provided to us on your behalf eg:

  • where you’re an individual, personal details (eg name, previous names, gender, date and place of birth). We’ll also collect this information about persons connected to your business;
  • contact details (eg address, email address, position in company, landline and mobile numbers);
  • information concerning your identity including where you’re an individual and in the case of persons connected to our business, photo ID, passport information, National Insurance number, National ID card and nationality;
  • market research (eg information and opinions expressed when participating in market research);
  • user login and subscription data (eg login credentials for phone and online banking and mobile banking apps);
  • other information about you and persons connected to your business that you've provided to us by filling in forms or by communicating with us, whether face-to-face, by phone, email, online, or otherwise;

Information we collect or generate about you and persons connected to your business eg:

  • your financial information and information about your relationship with us, including the products and services you hold or receive, the channels you and the persons connected to your business use and your and their ways of interacting with us, your ability to get and manage your credit, your payment history, transaction records, bank feeds, market trades, sort code and account numbers of customers’ accounts, payments into your account including information concerning complaints and disputes and full beneficiary name, address and details of the underlying transaction;
  • information we use to identify and authenticate you and the persons connected to your business (eg signature and biometric information, such as voice for voice ID and additional information that we receive from external sources that we need for compliance purposes);
  • information included in customer documentation (eg a record of advice that we may have given you);
  • marketing and sales information (eg details of the services you receive and your contact preferences);
  • cookies and similar technologies we use to recognise you and persons connected to your business, remember preferences and tailor the content we provide (our cookie policy contains more details about how we use cookies and can be found at https://www.hsbc.ch/en-gb/cookie-policy-page);
  • risk rating information (eg credit risk rating, transactional behaviour and underwriting information);
  • investigations data (eg due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among you and individuals, organisations, including emails, voicemail, live chat);
  • records of correspondence and other communications between you and your representatives and us, including email, live chat, instant messages and social media communications;
  • information that we need to support our regulatory obligations (eg information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you or these activities).

Information we collect from other sources relating to you and persons connected to your business, eg

  • information you’ve asked us to collect for you (eg information about your accounts or holdings with other companies including transaction information);
  • information from third party providers (eg information that helps us to combat fraud or that relates to social interactions (including communications via social media, between individuals, organisations, prospects and other stakeholders acquired from companies that collect information)).

3. How we’ll use your information and information relating to persons connected to your business

We’ll only use information on you and persons connected to your business where we have consent or we have another justification for using it. These justifications include where we:

  • need to pursue our legitimate interests (as further detailed in the Appendix 1);
  • need to process the information to carry out an agreement we have with you;
  • need to process the information to comply with a legal obligation;
  • believe the use of information as described is in the public interest (eg for the purpose of preventing or detecting crime);
  • need to establish, exercise or defend our legal rights; and

More generally, the reasons we use your information and information relating to persons connected to your business include:

  • implementing the onboarding process (including the relevant Know Your Customer verifications
  • delivering our products and services;
  • carrying out your instructions (eg to fulfil a payment request);
  • communicating with you;
  • carry out checks in relation to your creditworthiness (it is being noted that we do not perform any creditworthiness checks on individuals), managing our relationship with you, including telling you about products and services we think may be relevant for you (unless you tell us to refrain from doing so / see Section "Marketing and market research" below);
  • understanding how you use your accounts and services;
  • providing banking operations support;
  • preventing or detecting crime including fraud and financial crime (eg financing for terrorism and human trafficking);
  • investigating and resolving complaints;
  • providing security and business continuity;
  • undertaking risk management;
  • providing online banking, mobile apps and other online product platforms;
  • undertaking product and service improvement;
  • undertaking data analytics to better understand your circumstances and preferences so we can make sure we can provide you with advice and offer you a tailored service;
  • protecting our legal rights and complying with our legal obligations;
  • corresponding with solicitors, surveyors, valuers, other lenders, conveyancers and third party intermediaries;
  • undertaking system or product development and planning, insurance, audit and administrative purposes;

Further details of how we’ll use your information can be found in the Appendix 1 below.

How we make decisions about you

We may use technology that helps us identify the level of risk involved in customer or account activity (eg for credit, fraud or financial crime reasons, or to identify if someone else is using your card without your permission).

We may also use automated systems to help us make decisions (eg when you apply for products and services, to make credit decisions and to carry out fraud and money laundering checks), but we do not engage into automatic decision making (i.e., the taking of decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you).

Tracking or recording what you say or do

To help keep you and your funds safe, we may record details of your interactions (and the interactions of the persons connected to your business) with us. We may record and keep track of conversations with us including phone calls, face-to-face meetings, letters, emails, live chats, video chats and any other kinds of communication

We may use these recordings to check your instructions to us, assess, analyse and improve our service, train our people, manage risk or to prevent and detect fraud and other crimes. We may also capture additional information about these interactions (eg telephone numbers that we are called from and information about devices or software that are used).

We use closed circuit television (CCTV) in and around our sites and these may collect photos, videos or voice recordings of you and the persons connected to your business.

Compliance with laws and regulatory compliance obligations

We’ll use your information and information relating to persons connected to your business to meet our compliance obligations, to comply with laws and regulations that HSBC Group companies are subject to and to share with our regulators and other regulators and authorities.

This may include using information to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We’ll only do this on the basis that it’s needed to comply with a legal obligation or it’s in our legitimate interests and that of others

Marketing and market research

We may process your information, and information relating to persons connected to your business, to provide you with information about HSBC products and services and, upon request, information about products and services offered by our business partners and other third parties

We may send marketing messages by post, email, telephone, text or secure messages. If you or persons connected to your business wish to change how marketing messages are sent or wish to stop receiving these, please contact us in the usual way (please note the contact information at the end of the privacy notice)

It may take us a short period of time to update our systems and records to reflect requests to stop receiving marketing messages, during which time you and persons connected to your business may continue to receive marketing messages. Even if you tell us not to send marketing messages, we’ll continue to use contact details to provide important information, such as changes to our terms and conditions or if we need to tell you, or persons connected to your business, something to comply with our regulatory obligations.

We may use your information and information relating to persons connected to your business for market research and to identify trends. Subject to the legal and regulatory framework applicable to us, market research agencies acting on our behalf may get in touch with you or persons connected to your business by post, telephone, email or other methods of communication to invite you or them to take part in research. We won’t invite you or persons connected to your business to take part in research using a communication method if you (or they) have asked us not to get in touch that way. Any responses that are provided whilst participating in market research will be reported back to us anonymously unless you or the persons connected to your business give us permission for the relevant details to be shared.

Use of AI Applications

We may use tools based on artificial intelligence (“AI”), including, but not limited to, large language models (“LLMs”), machine learning (“ML”), as well as any other similar or emerging technologies (collectively, the “AI Applications”).

For the purposes of this Notice, AI Applications refer broadly to any automated or autonomous system capable of adapting its behaviour after deployment, and generating outputs – such as predictions, recommendations, analyses or content – based on collected and/or interpreted data. These AI Applications may be:

  • provided, hosted and/or maintained by external service providers;
  • developed, hosted, trained and/or operated directly by us; or
  • implemented jointly involving us and one or more third parties. The provisions of this Notice relating
    to AI Applications apply uniformly to each of these deployment models. These AI Applications may be
    used by us for various purposes, including but not limited to:
  • the optimisation of services and customer experience, including through personalised offerings or
    automated assistance;
  • the analysis and processing of data, whether personal or non-personal, for research purposes, product
    improvement or targeted communication;
  • the development and maintenance of software solutions, testing activities or anomaly detection; and the performance of recurring or operational tasks involving text, images or other types of content (e.g., summarisation, translation, research or administrative support). We ensure a responsible and controlled use of such AI Applications and implement appropriate risk-management measures, in particular those associated with algorithmic bias, processing errors or potential inaccuracies in the outputs produced.

For the avoidance of doubt, the provisions of the remainder of this Notice apply, to the extent possible, to our use of AI Applications.

4. Who we might share information with

Subject to the legal and regulatory framework applicable to us, we may share your information and information relating to persons connected to your business with others where lawful to do so including where we:

  • need to in order to provide you with products or services you’ve requested (eg fulfilling a
    payment request);
  • have a public or legal duty to do so (eg to assist with detecting and preventing fraud, tax evasion
    and financial crime);
  • need to in connection with regulatory reporting, litigation or asserting or defending legal rights
    and interests;
  • have a legitimate business reason for doing so (eg to manage risk, verify identity, enable another
    company to provide you with services you’ve requested, or assess your suitability for products
    and services);
  • have asked you (or the persons connected to your business through you) for your permission
    to share it, and you (on your behalf and on behalf of the persons connected to your business)
    have agreed.

Subject to the legal and regulatory framework applicable to us, we may share your information and information relating to persons connected to your business for the following purposes with others, including:

  • other HSBC group companies and any sub-contractors, agents or service providers who work
    for us or provide services to us or other HSBC Group companies (including their employees, subcontractors, service providers, directors and officers);
  • any trustees, beneficiaries, administrators or executors;
  • people who give guarantees or other security for any amounts you owe us;
  • people you make payments to and receive payments from;
  • your beneficiaries, intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties and any companies you hold securities in through us (eg stocks, bonds or options);
  • your auditors (or equivalent bodies);
  • other financial institutions, lenders and holders of security over any property or assets you
    charge to us, tax authorities, trade associations, credit reference agencies, payment service
    providers and debt recovery agents;
  • any financial institutions who provide asset management services to you and any brokers who
    introduce you to us or deal with us on your behalf;
  • any entity that has an interest in the products or services that we provide to you, including if
    they take on the risk related to them;
  • any people or companies where required in connection with potential or actual corporate
    restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any
    of our rights or duties under our agreement with you;
  • law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and
    any party appointed or requested by our regulators to carry out investigations or audits of our
    activities;
  • other parties involved in any disputes, including disputed transactions;
  • fraud prevention agencies who’ll also use it to detect and prevent fraud and other financial
    crime and to verify your identity;
  • anyone who provides instructions or operates any of your accounts, products or services on
    your behalf (eg power of attorney, solicitors, intermediaries, etc.);
  • anybody else that we’ve been instructed to share your information with by you, or anybody else
    who provides instructions or operates any of your accounts on your behalf;
  • our card processing supplier(s) to carry out credit, fraud and risk checks, process your payments,
    issue and manage your card (when applicable).

Sharing aggregated or anonymised information

We may share aggregated or anonymised information within and outside of the HSBC Group with partners such as research groups, universities or advertisers. Neither you nor persons connected to your business will be able to be identified from this information (e.g. we may share information about general spending trends in Switzerland to assist in research).

5. How long we’ll store information

We’ll store information in line with our data retention policy. For example, we’ll normally keep your core banking data for a period of ten years from the end of our relationship with you. This enables us to comply with legal and regulatory requirements or to use your information where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise.

We may need to retain information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes (e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc.).

If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.

6. Transferring information overseas

Your information and information relating to persons connected to your business may be transferred to and stored in locations outside Switzerland, respectively the European Economic Area (EEA), including countries that may not have the same level of protection for personal information. When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer information in this way to carry out our contract with you, to fulfil a legal obligation and/or to protect the public interest. In some countries the law might compel us to share certain information (eg with tax authorities).

The list of countries to which your personal data can be transferred is set out in Appendix 2.

You can obtain more details of the protection given to your information (and information relating to persons connected to your business) when it’s transferred outside Switzerland (including an overview of the protection mechanisms put in place) by contacting us using the details in the ‘More details about your information and information about persons connected to your business’ section below.

7. Rights of individuals

Subject to the legal and regulatory framework applicable to us, individuals have a number of rights in relation to the information that we hold about them. These rights include:

  • the right to access information we hold about them and to obtain information about how we process it;
  • in some circumstances, the right to withdraw their consent to our processing of their information, which they can do at any time. We may continue to process their information if we have another justification for doing so;
  • in some circumstances, the right to receive certain information they have provided to us in an electronic format and/or request that we transmit it to a third party;
  • the right to request that we rectify their information if it’s inaccurate or incomplete;
  • in some circumstances, the right to request that we erase their information. We may continue to retain their information if we’re entitled or required to retain it (for example under document retention obligations applicable to us); and
  • the right to object to, and to request that we restrict, our processing of their information in some circumstances. Again, there may be situations where individuals object to, to ask us to restrict our processing of their information but we’re entitled to continue processing their information and/or to refuse request(s).

Individuals (including persons connected to your business) can exercise their rights by contacting us using the details set out in the ‘More details about your information and information relating to persons connected to your business’ section below. Individuals also have a right to contact the Swiss Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html) or the data protection supervisory authority in the country where they live or work.

8. What we need from you

You’re responsible for making sure the information you give us, information which is provided by persons connected to your business, or information which is otherwise provided on your behalf is accurate and up to date, and you must tell us if anything changes as soon as possible.

9. How we keep information secure

We use a range of measures to keep your information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.

10. More details about your information and information relating to persons connected to your business

You and persons connected to your business can obtain further information on anything we’ve said in this Privacy Notice in contacting us at HSBC Bank plc, London, Zurich branch Gartenstrasse 26, 8002 Zurich, Switzerland, or by sending mail on address hbchprivacynotice@hsbc.com.

This Privacy Notice may be updated from time to time and the most recent version can be found at https://www.hsbc.ch/en-gb/privacy.

Appendix 1 – How we process information about you and persons connected to your business

We’ll use your information and information about persons connected to your business for the following purposes:

  • to deliver our products and services: to administer your accounts, provide you our services, process your transactions, record our interactions (eg via emails, videoconferences, phone calls or meetings) and invoice our services. We’ll do this in order to perform our contract with you;
  • to provide banking operations support: to enable the provision and function of our banking services (eg deposit, financing transactions, provision of guarantees) in line with regulation, laws and customer rights and interests (eg complaints management and exit management), including business continuity management, tax reporting obligations (in respect of your our tax obligations) linked to the banking operations, ensuring that the information we have in respect of you and the persons connected to your business is accurate and up-to-date and recording your instructions (eg in the form of physical documents, electronic correspondence or correspondence executed digitally). We do this to comply with our legal obligations, to perform our contract with you and because it’s in our legitimate interest;
  • to prevent and detect crime (eg fraud, bribery, terrorist financing, cyberattacks and money laundering): this will include monitoring, mitigation and risk management, carrying out customer due diligence, name screening, transaction screening and customer risk identification (including in respect of politically-exposed persons, persons subject to sanctions, persons we have decided to no longer conduct business activities with and adverse media screening) and responding to regulatory and judicial authorities. We do this to comply with our legal obligations and because it’s in our legitimate interest. We may share your information and information relating to persons connected to your business with relevant agencies, law enforcement and other third parties where the law allows us to do so for the purpose of preventing or detecting crime. Additionally, we and other financial institutions may take steps to help prevent financial crime and manage risk. We’ll do this because we have a legitimate interest, a legal obligation to prevent or detect crime or if it’s in the public interest. We may be required to use your information and information relating to persons connected to your business to do this, even if you or they have asked us to stop using your/their information. That could include (among other things):
    • screening, intercepting and investigating any payments, instructions or communications you send or receive (including drawdown requests and application forms);
    • investigating who you’re paying or who’s paying you (eg checks on payments into and out of your account and other parties related to those payments);
    • passing information to relevant agencies if we think you, persons connected to your business and others acting on your behalf have given us false or inaccurate information, or we suspect criminal activity or we are obliged to do so under the laws and regulations applicable to us;
    • combining the information, we have about you and information relating to persons connected to your business with information from other HSBC Group companies to help us better understand any potential risk;
    • checking whether the people or organisations you’re paying or receiving payments from are who they say they are, and aren’t subject to any sanctions.
  • to undertake risk management: to measure, detect and prevent the likelihood of financial, reputational, legal, compliance or customer risk. This includes credit risk (on an aggregate and individual basis), trading risk, operational risk, sanctions risk and insurance risk (eg for underwriting or claims management purposes). We’ll do this because we have a legitimate interest in ensuring that we carry out a proper risk assessment prior to providing credit or other finance;
    • to provide online banking, mobile apps and other online product platforms: to allow us to provide you (and those you authorise) with access to HSBC online platforms and mobile apps. The platform may allow you and your authorised users to directly or indirectly communicate with us, apply for products and services online and verify customer ID and proof of address. The lawful basis for using your information and information relating to persons connected to your business for this purpose is to perform our contract with you or that processing for this purpose is in our legitimate interest;
  • to provide product and service improvement: to identify possible service and product improvements by analysing your information and information relating to persons connected to your business. Where we provide you with aggregated information services, we’ll use your information and information relating to persons connected to your business to understand how you use these products which may include your transactional information from other financial institutions to help improve our products and services. The lawful basis for processing your information and information relating to persons connected to your business for this purpose is our legitimate interest. We do this to improve our products and services to best meet the needs of our customers;
  • to undertake data analytics and to provide tailored services: to identify relevant opportunities to promote products and services to existing or prospective customers by analysing your information and information relating to persons connected to your business. This may include reviewing historical customer transactional behavior, comparison of customer activity or (to the extent such information is available to us) it may include an analysis of your transactional information from other financial institutions. We do this to help us provide you with products and services we think will be of most relevance to you. The lawful basis for using your information and information relating to persons connected to your business in this way is our legitimate interest;
  • to undertake marketing: to provide you with information about HSBC products and services, and, upon request, information about products and services offered by our business partners and other third parties. The lawful basis for this is our legitimate interest. We may need your consent (or the consent of persons connected to your business) to communicate by certain channels and we’ll always make sure we get this where we need to. You and the persons connected to your business can change your mind on how you receive marketing messages or choose to stop receiving them at any time. To make that change, contact us in the usual way (please note the contact information at the end of the privacy notice). We will implement your request as rapidly as possible, but please note that an immediate implementation is generally not possible for operational reasons;
  • to protect our legal rights: to protect our legal rights, eg in the case of defending or protecting legal rights and interests (eg collecting money owed, enforcing or protecting our security or defending rights of intellectual property); court action; regulatory investigations, internal reviews, managing complaints or disputes; operating our whistleblowing system; operating our data loss prevention system, in the event of a restructuring of companies or other mergers or acquisitions. This may be in connection with action taken against you or other persons (eg joint borrowers or persons who give a guarantee or other security for your obligations to us). We’d do this on the basis that it’s in our legitimate interest.

Appendix 2 – Countries of Destination

Your personal data may be transferred by us, as part of our ordinary commercial activities and depending upon the services and/or products you use, to the following countries:

(i) Countries within the European Economic Area (Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden, the “EEA”);

(ii) Other countries recognized by Switzerland as providing adequate privacy protection (for a list of these countries, please see https://www.fedlex.admin.ch/eli/cc/2022/568/fr#annex_1);

(iii) Countries where other HSBC group entities / branches / representative offices are established (for a complete list, see: Contact us: Global Businesses and Offices | HSBC Holdings plc;

(iv) Countries whose national authorities oversee our activities.

Some of the countries referred to under (iii) and (iv) do not benefit from data protection regulations that have been recognized as being “adequate” (i.e., comparable standard) from a Swiss data protection perspective. When we transfer your personal data to such countries, we will implement appropriate safeguards in accordance with applicable law, as described in this Privacy Notice (e.g., implementation of standard contractual clauses).

Furthermore, please note that your Personal Data may be communicated to other countries depending upon the instructions that the account holder (or an authorized representative) gives to the Bank. For example, in the context of a payment instruction in a currency other than CHF, the Bank must communicate Personal Data pertaining to the instructing party to the corresponding bank located outside of Switzerland. Likewise, certain Personal Data pertaining to the investor may have to be communicated outside of Switzerland in the context of investments in certain collective investment schemes.

Privacy notice

Our Privacy Notice for Swiss business customers (PDF, 628KB)

Contact us

Please contact your Relationship Manager or visit our Contact us page here.