Skip to content
HSBC logoHSBC logo

How Your Credit Information is Used

This is designed to help you understand how your credit information is used by us in accordance with Article 31 of the Use and Protection of Credit Information Act and Article 27 of the Enforcement Decree of the Act.

Purpose of Use and Type of Credit Information

1. Purpose of Use

  • To establish financial relationship (including but not limited to financial services requested by you) or decide whether to maintain such relationship
  • Debt collection
  • Marketing
  • Other cases permitted by the Act or other applicable laws

2. Type of Credit Information

  • Personally Identifiable Information (PII): any information that could potentially identify a specific individual
    Name, Contact Number, Residence Registration Number (for foreigners, foreigner registration number, for compatriots with foreign nationality, domestic residence registration number, passport number, sex, nationality, etc.), Name of Corporation (including individual company and corporation), Business Registration Number, Corporation Registration Number, Name of Representative, etc.
  • Credit Transaction Information: any information that could potentially show credit transactions of a specific individual
    Type, period, amount, limit, etc, of commercial transactions including loan, guarantee, provision of collateral, current account transactions, credit card and installment financing
  • Information used to determine credit rating
    Information on default, bankruptcy, payment by subrogation Note 1, substitute payment Note 2) arising out of commercial transactions activities disrupting credit order by fraud, deception and other dishonest means (amount, date when it took place or was resolved)
  • Credit Worthiness Information: Information based on which you can determine an individual’s credit limit
    <Individual Customer>
    Occupation, property, debt, income, tax payment records, etc.
    <Corporate Customer>
    Information on a corporate including history, purpose, business performance, shareholding, CEO and executive information, important deals such as sales record, order lists or business contracts, financial information including financial statements, auditor’s opinion, tax payment records, etc.
  • Record with Public Organization
    Information on failure in tax (national tax, local tax, customs) and insurance premium (employment/industrial disaster insurance) payment, defaulter record, customers under debt workout program or credit recovery program, and customers exempted from liabilities due to bankruptcy, etc.

Note1) One party to make a payment hat is actually owed by another party

Note 2) Payment is made by a bank (or a government) providing payment guarantee in case where a debtor fails to make payment by due date

Purpose of Credit Information Provision, Party to Whom We Provide Credit Information, Type of Credit Information Provided

1. Purpose of provision and persons/institutions to whom information is provided

  • Collection of credit information to be provided to financial institutions: Credit Information Collection Agency (Korea Federation of Banks, Credit Finance Association, etc.), Credit Reference Agency (Seoul Credit Information Service, Korea Credit Bureau, Nice Information Service, etc.)
  • Public organizations requiring the information in accordance with the relevant laws and regulations: for the purpose set forth in the laws and regulations
  • Counterparty to product/service purchase agreement
No.
Purpose of Provision
Provided to
1
Title Insurance for Real Estate Mortgage Mortgage Credit Insurance
First American Title Insurance Company, Seoul Guarantee Insurance
2
Registration of real estate provided as collateral and check on the household which moved in the real estate, Debt collection (lawsuit, attachment, auction, etc.)
Woo Young Judicial Scrivener Office
3
Appraisal of real estate provided as collateral
Serve Appraisal Co Ltd
4
Asset Management Report
Korea Securities Depository
5
SMS
Standard Networks
6
Receipt of Audit Confirmation and provision of requested information
Korea Financial Telecommunications and Clearings
  • Foreign Regulatory Authorities, Head Office/ Affiliates
No.
Purpose of Provision
Provided to
1
Report, Approval, Audit, Examination, etc.
Hong Kong Monetary Authority, The Hongkong and Shanghai Banking Corporation Limited, and its affiliates
2
IT system operation, server management, supporting service, etc.
The Hongkong and Shanghai Banking Corporation Limited, and its affiliates
  • Service providers to whom the Bank outsourced part of its businesses
No.
Purpose of Provision
Provided to
1
Use of HSBC Connect
HSBC Technology Service Asia Pacific
2
SCDM (Security and Compliance Data Matching)
The Hongkong and Shanghai Banking Corporation Limited
3
OTC Derivatives CSA Collateral Margin Calculation
The Hongkong and Shanghai Banking Corporation Limited
4
Global Liquidity Management Service
HSBC Electronic Data Processing India Private Limited
5
CAMP (Customer Activity Monitoring Program)
HSBC Electronic Data Processing (Guandong) Ltd
6
HSBCnet Maintenance
HSBC Electronic Data Processing (Malaysia) Limited
7
Outsourcing of Nostro Account Reconciliation
HSBC Global Services (UK) Limited
8
Credit Risk Exposure Calculation
HSBC Electronic Data Processing India Private Limited
9
Back office affairs and Basic accounting service for Exotic OTC Derivatives
The Hongkong and Shanghai Banking Corporation Limited
10
Global Client Reporting
HSBC Electronic Data Processing (Malaysia) Limited
11
Electronic Financial Service
HSBC Electronic Data Processing India Private Limited
12
Collateral management under Regional CSA
The Hongkong and Shanghai Banking Corporation Limited
13
CVA Calculation
The Hongkong and Shanghai Banking Corporation Limited
14
Rate fixing
HSBC Global Services (UK) Limited
15
RID Off-shoring Project
HSBC Global Support Centre (Hyderabad Credit & Risk Centre of Excellence)
16
ORTT (Overseas Remittance Telegraphic Transfer)
HSBC Global Services (UK) Limited
17
IRTT CHARGE CLAIM
HSBC Global Services (UK) Limited
18
Part of Sub-Custody and Clearing
HSBC Electronic Data Processing (Philippines) Limited
19
Support for HSBC Group’s FSU/ IFS/ IDQ system service for FATCA and Global Standard related purposes
The Hongkong and Shanghai Banking Corporation Limited
20
TREATS system upgrade
The Hongkong and Shanghai Banking Corporation Limited
21
Introduction of COAS
HSBC Global Services (UK) Limited
22
Trust service for foreign currency assets
HSBC Institutional Trust Services (Asia) Limited
23
CCR RWA related affairs reported to PRA and HKMA
HSBC Electronic Data Processing India Private Limited
24
Sanctions Screening to MT500 (inter-bank message on stock trading)
HSBC Global Operations Company Limited
25
KYC/CDD related information processing (Global Standard)
HSBC Bank PLC
26
CTCR(Customer Tax Compliance Reporting) system to automatically generate FATCA and CRS report
The Hongkong and Shanghai Banking Corporation Limited and HSBC Software Development India
27
Sanctions Screening to MT 100 (Customer Payments & Cheques) and MT200 (Financial Institution Transfers)
HSBC Electronic Data Processing India Private Limited
28
Import / Export related affairs (including loan)
HSBC Electronic Data Processing India Private Limited
29
Granting access to WhatIF in relation to CVA calculation
The Hongkong and Shanghai Banking Corporation Limited
30
Six GUI Monitoring
HSBC Global Services Limited
31
OTC derivatives related back office affairs
HSBC Electronic Data Processing (Malaysia) Limited HSBC Electronic Data Processing India Private Limited HSBC Electronic Data Processing (Philippines) Limited
32
HSBCnet maintenance
HSBC Electronic Data Processing India Private Ltd
HSBC Electronic Data Processing (Guangdong) Limited
33
Debt collection
DAOL Credit Information
34
Investigation for Unusual Activity Report
HSBC Electronic Data Processing (Guangdong) Limited
35
Sanctions Screening to MT 100 (Customer Payments & Cheques) and MT200 (Financial Institution Transfers)
HSBC Electronic Data Processing(Guangdong) Limited
36
Market price check on import/export related products
HSBC Singapore Branch
37
Credit Limit Monitoring and Maintenance
HSBC Electronic Data Processing (Philippines) Limited
38
Trade validation - Vanilla products
HSBC Hong Kong GM Ops
39
Traded Credit Risk Control Korea
-HSBC Electronic Data Processing India Private Limited (Bangalore)
-HSBC Electronic Data Processing (Philippines) Limited (Manila)
40
CRS report material extracting system agreement
The Hongkong and Shanghai Banking Corporation Limited
41
Level 3 Anti Money Laundering Red Flag reviews for Trade Transaction
The Hongkong and Shanghai Banking Corporation Limited
42
Determining customer screening alerts and verifying the validity on the results
Determining transaction screening (remittance, securities, trade) alerts and verifying the validity on the results
The Hongkong and Shanghai Banking Corporation Limited
43
Performance Level Agreement on outsourcing of early warning activity
HSBC Electronic Data Processing India Private Limited (Hyderabad II)
44
Outsourcing of overseas remittance, overseas deposit and deposit/withdrawal relating to domestic transfer of foreign currency
HSBC Electronic Data Processing (Guangdong) Limited
45
Data Processing Agreement-CAMP Retail
HSBC Global Services (UK) Limited (UK ServCo)
46
GEEU (Global Exit Execution Utility)
GSC Bangalore & GEEU UK
47
Preparing materials on CARM
HSBC Electronic Data Processing India Private Limited
48
Quality assessment of CDD profile
HSBC Electronic Data Processing India Private Limited
49
Account opening and report/change of corporate deposit customers, account closing of corporate/individual customers, FATCA/CRS information input
HSBC Electronic Data Processing (Guangdong) Limited
50
Korean HSBCnet help desk
HSBC Electronic Data Processing (Guangdong) Limited
51
Sending email to customers regarding deposits/remittances
HSBC Electronic Data Processing (Guangdong) Limited
52
Determining transaction screening (remittance, securities, trade) alerts
The Hongkong and Shanghai Banking Corporation Limited Hong Kong Office(Level 3 Sanctions Center of Excellence)
53
Outsourcing of loan document management and execution for corporate customers and report preparation
HSBC Electronic Data Processing (Guangdong) Limited
54
Storage of data to be submitted to Monitors by HSBC Seoul branch
Intralinks and Ernst & Young LLP (Relativity)
55
CAMP (Customer Activity Monitoring Program)
HSBC Electronic Data Processing (Guangdong) Limited
56
OWS(Oracle Watchlist Screening) PEP (Political Exposed Person) Level 3 Screening
HSBC Electronic Data Processing India Private Limited
57
Calculation of allowance for bad debts based on IFRS 9
HSBC Electronic Data Processing India Private Limited
58
Project FAME
HSBC Global Services (UK) Limited
59
Project Oceanus (2)
HSBC Electronic Data Processing India Private Limited(Bangalore)
60
Surveillance of staff's telecommunications (including emails sent or received via the Bank's email account, records of Bloomberg or Reuter communication, call history) and financial transactions with customers
- The Hongkong and Shanghai Banking Corporation Limited (Head Office in Hong Kong)
- HSBC Global Services (UK) Limited & its related entities
61
Utilisation of Exit system to adopt standardized Group Exit procedures
HSBC Electronic Data Processing India Private Limited – GSC India
62
Utilization of TradeNet system to screen Trade transactions
HSBC Financial Crime Threat Mitigation Team, Hong Kong
63
Supply Chain Finance Platform (HSCF)
Kyriba Corporation
64
Introduction of Human Resources system
SAP Limited
65
Sanctions related investigation on abnormal transactions
The Hongkong and Shanghai Banking Corporation Limited)
66
Direct Custody and Clearing Outsourcing
Project)
1) Claim to customers
2) Account opening and notification
3) Basic management
4) Customer report generation
5) Fund and securities scrutinization
6) Customers’ transaction order input and reconciliation
7) Corporate Action
HSBC Electronic Data Processing (Malaysia) Sdn Bhd
67
Development and maintenance of Local Regulatory System (LRR)
HSBC Global Services (Hong Kong) Limited
68
OWS related alert level 3 (Material Screening Event)
HSBC Bank Middle East Limited (MENA SCoE or The MENA Sanctions Centre of Excellence)
69
Transfer of IT facilities from HBAP to HSBC Global Services Hong Kong Limited
HSBC Global Services Hong Kong Limited
70
Liquidity report
Google Ireland limited

71

Sub-Custody and Clearing for foreign investors
HSBC Electronic Data Processing (Philippines) Inc. (HDPP)

72

Cash and Securities Delivery Service
Brinks Korea

73

Supporting Service for Sub-Custody and Clearing
HSBC Electronic Data Processing (Malaysia) Sdn Bhd

74

Investigation of Abnormal Transactions in relation with Anti Bribery & Corruption
HSBC Electronic Data Processing India Private Limited.

75

Customer Sanction Screeening (Alert Level 3)
HSBC Electronic Data Processing India Private Limited (also known as GSC Hyderabad)

76

Back Office Service for Fund Business
HSBC Electronic Data Processing (Guangdong) Limited

77

Mortgage Processing
HSBC Electronic Data Processing (Guangdong) Limited
78
Reviewing Asset (including inventory ) as collateral Appraisal report and reviewing the related monthly asset based loan application
supplementary documents (Borrowing Base Certificate and Utilization request)
The Hongkong and Shanghai Banking Corporation, Hong Kong Branch
79
LCRF(Large Corporate Receivables Finance) data uploaded via HSBCnet being hosted and managed by Product Centre in HSBC Global Service UK
HSBC Global Service (UK) Limited (HGSU)
80
AWS Enterprise Agreement
Amazon Web Services, Inc.
81
Google Cloud Platform License Agreement
Google Ireland Limited
82
System for Trust asset custody & management
Koscom Fund Services Corporation
83
Nostro Account Management Unit
HSBC Global Resourcing Limited(UK)
84
Name Screening
HSBC China HDPG (Guangzhou)
85
Major Investigations QA
HSBC Global Services (Hong Kong) Limited
86
Moving Data, MI & Analytics development into Google Cloud Platform
'Google' through 'HSBC Electronic Data Processing India Private Limited'
87
List Governance Enterprise (LGE)
'Appian Software International LLC' through 'Dynamics HSBC Global Services (UK) Limited'
88
Microsoft Dynamics 365 for the Client Management Experience (CME) programme
'Microsoft' through 'HSBC Global Services (UK) Limited'
89
Quality assurance on alert level Adjudication
HSBC Electronic Data Processing (Guangdong) Limited (a.k.a. GSC GSC Guangzhou)
90
Wholesale Data and Analytics Platform
Google Cloud through HSBC Global Services (UK) Limited
91
Bribery and corruption management Associated Person
HSBC Electronic Data Processing India Private Limited.
92
Cloud storage of information on remittance and settlement
Google Ireland Limited
93
Cash and Securities Delivery Service
NICE CMS
94
Document preparation and submission for legal procedures
Woo Young
95
System implementation in relation with My Data service
NICE Information Service
96
Cognitive Automation 2.0
Google through HSBC Global Services (UK) Limited
97
STRATEGIC COLLATERAL PLATFORM
Google through HSBC Global Services (UK) Limited
98
Adobe Live Sign
Adobe Systems Software Ireland Limited
99
CIMT-Consolidated Issues Management Tool
Appian through HSBC Global Services UK Limited
100
Migration of QA process
GSC Bangalore (HSBC Electronic Data Processing India Private Limited)
101
QA on alert level 3
HSBC Electronic Data Processing India Private Limited (통칭 GSC Hyderabad)
102
Real time transaction inquiry service through Virtual Network Collection Service
COOCON Co, Ltd
103
Qvidian
Upland Software Inc
104
Acceptance and processing of customer request Through HSBCnet
Google
105
Automated genaeration of FATCA and CRS report - Client Tax Reporting (CTR) System
Deloitte LLP
106
Golden Eye
HSBC UK
107
IBOR replacement programme - ICCM Enquiry Center
AWS through HSBC Global Services (UK) Limited
108
DUCO-Global Reconciliations Utility
APPIAN SOFTWARE INTERNATIONAL LLC through HSBC GLOBAL SERVICES (UK) LIMITED
109
Thunderhead SAAS version
APPIAN SOFTWARE INTERNATIONAL LLC through HSBC GLOBAL SERVICES (UK) LIMITED
110
CIMT-Consolidated Issues Management Tool
Appian through HSBC Global Services UK Limited

2. Type of credit information to be provided

  • Personally Identifiable Information (PII)
  • Credit Transaction Information
  • Credit Worthiness Information
  • Public record, etc.

3. Security of Information

The Bank takes technical/managerial/physical measures to ensure safety of outsourced processing of credit information etc., in accordance with Article 5 Paragraph ② of the Regulation on Outsourcing of Information Processing of Financial Companies.

- Encryption of Information
The Bank keeps information or password of customers secure by powerful encryption methods. In order to keep important data secure, the Bank employees separate sophisticated security functions such as software to encrypt or lock files/data during data transfers.

- Technical Support to Prevent Hackers’ Attack
The Bank has established security programs to prevent information from being leaked or damaged by hackers’ attacks or computer viruses and checked and updated the programs on a regular basis. The information processing systems are established in a restricted area and technical/physical measures are taken in order to monitor and to control access.

- Access Control of Information Processing System
By granting, changing or canceling authority to access the database system to process information, the Bank strictly controls access to information. In addition, the Bank employs sophisticated fire-walls to control unauthorized access to the system.

- Supervision of Information Managers
The Bank is granting access to the information processing system to a minimum number of employees who need to carry out the processing for their duties (“information managers”) and also keeps the scope of processing information to a minimum required for the business.

The Bank is supervising the information managers by having them submit a security agreement, etc. If an information manager is transferred to other position, the Bank makes change to his/her access authority to information as appropriate.

Retention, Use and Destruction of Credit Information

1. Retention of credit information: We use your credit information solely for the purpose of screening loan applications or following up loans provided, and we shall separately obtain your consent to use your credit information for other purposes. We use the information which may cause disadvantage to customers including but not limited to overdue payment record for the period of maximum 5 years from the date when the cause for such disadvantage is cleared up. When it comes to credit information provided by credit information companies, we use such information in compliance with the period prescribed in Credit Information Management Rule of the applicable credit information company.

2. Destruction of credit information: We shred or burn up paper copies containing credit information while deleting electronic files containing credit information by using technical means disabling restoration of the content.

Your Right to Credit Information

1. Right to Request Inquiry on the Use and Provision of Your Credit Information

- You are entitled to request in writing the statement on the use and provision of your credit information by the Bank for the recent three (3) years or visit the Bank to inquire about the followings (However, this shall not apply if the Bank uses the information for internal business management purposes or provides it for outsourcing repeatedly.) Expenses directly incurred in connection with the inquiry may be borne by you and the Bank shall retain the information inquired by you for three (3) years.

In case where the Bank used personal credit information: who used the information, what was the purpose of such use, date of the use, content of the credit information used, retention period and period of use of your credit information, etc.

- In case where personal credit information was provided: who provided the information, to whom it was provided, purpose of provision, date of provision, content of the information provided, period of retention and use of your credit information, etc.

2. Right to Request to Notify Any Use and Provision of Your Credit Information

Upon your request, the Bank shall notify you of the matters under Paragraph 1 when using or providing your credit information, and from the time it receives the request, the Bank shall notify the use and provision of your credit information on a regular basis. The cost directly incurred in relation to the notification may be borne by you, and the Bank shall retain the information notified to you for three (3) years.

3. Right to Withdraw Consent to Provision and Use of Your Credit Information

- You are entitled to withdraw consent to provision of your credit information for purposes other than evaluation of wired/wireless communication, writing, and personal creditworthiness by providing it to a personal credit rating company, individual business credit rating company, or credit information concentration agency; Provided, that where it becomes difficult to perform a contract or serve the purposes of determining whether to establish and maintain a commercial relationship, including failure to perform certain services agreed with you, unless the personal credit information concerned is provided to another credit information provider/user that has not obtained his/her consent, if you intend to revoke consent, you shall clarify your intention not to be provided with the services concerned, and may not apply for withdrawal of consent for three months from the date of contract conclusion.

- You may withdraw your consent even if you have consented to the use of your credit information for marketing purposes.

4. Right to Request ‘Do-Not-Call’

- You are entitled to request the Bank and its affiliated companies to not call you for the purpose of introducing products or services or soliciting purchases through wired/wireless communication, in writing, or by visiting the Bank, and the Bank shall act upon the request within one (1) month from the date of receipt of the request. However, you cannot make ‘Do-Not-Call’ request for three (3) months from the date of contract conclusion.

5. Right to Request View, Correction and Deletion of Your Credit Information

- You are entitled to request to print out or show your credit information held by the Bank after confirmation that you are the owner of the credit information by presenting a document indicating your identity or by using means that ensures the safety and reliability of identity verification.

- If you find your credit information held by the Bank is incorrect, you may request correction thereof.

- If the Bank deems that there is a justifiable reason for the correction request, it shall stop providing and using the credit information concerned, without delay, and examine as to whether it is true. If such information turns out to be incorrect or unverifiable, the credit information shall be deleted or corrected.

- You may request the deletion of optional information after three (3) months from the end of commercial relationship including financial transactions, and may request deletion of essential information after five (5) years have elapsed.

6. Right to Request Notification of Credit Information Giving Rise to Refusal of Commercial Transaction

- Where the Bank refuses or cancels a commercial transaction relationship with its counterparty on the basis of personal credit information, which has been provided by a personal credit rating agency, an individual business credit rating agency or a credit bureau and a credit information collection agency, the Bank shall, upon the request of the relevant owner of credit information, notify the relevant owner of credit information of the credit information that gave rise to the refusal or cancellation thereof and the name, address, and phone number of the personal credit rating agency, the individual business credit rating company, the credit bureau or the credit the information concentration agency that provided the credit information, etc.

7. Right to Request Explanation on Automated Evaluation Results and Right to Raise Objection thereon

- You are entitled to request the Bank to explain whether or not automated evaluation is carried out for your credit evaluation, the results of the automated evaluation, the main criteria for automated evaluation, and an overview of the basic information used in the automated evaluation.

- You may request the submission of information that is deemed advantageous to the calculation of the results of the automated evaluation, and if you determine that the basic information used for the automated evaluation is not accurate or up-to-date you may request correction or deletion of the basic information or re-calculation of the results of automated evaluation.

8. Right to Request Your Personal Credit Information and Withdraw It

- You are entitled to request your personal credit information in electronically processible form and may withdraw your request.

※ How to Apply for the Aforementioned Rights

- Those who provided credit information of their own through events or campaigns may apply for the aforementioned rights via telephone.

- The existing customers of the Bank may apply for the rights by visiting the Seoul Branch Office of the Bank and present a proof of identity or using other means that ensures the safety and reliability of identity verification. The legal representative of a child under the age of 14 can exercise rights related to personal credit information on behalf of the child.

-Request in writing

Please visit any branch of the Bank and submit "ReportㆍChangeㆍIssuance Request" with your ID card

Right to Request to Show Your Credit Information for Free

In addition to the aforementioned rights, you are entitled to request credit rating agencies below to print out or show your credit information at no cost within a certain limit. For more information, please contact the credit rating agencies.

Installation, Operation and Rejection of the Automatic Personal Information Collection Device

To analyze the number of visits to the website and general usage patterns of users, the related information is recorded and some of this information may be collected through the use of "cookies". A cookie is a small amount of information that is automatically stored in a web browser on a personal computer, and the Bank uses cookies for user authentication while the user accesses the website. Users have the option to install cookies, and can select options such as accepting all cookies in the user's web browser, checking each time a cookie is saved, or refusing to save all cookies.

- Example of setting method (in case of Internet Explorer): Tools at the top of the web browser > Internet Options > Personal Information

- If a user refuses to install cookies, there may be difficulties in providing the service.

Remedies for Infringement of Your Rights and Interests

If you need to report or have consultation on infringement of personal (credit) information, please contact the following organizations.

< Contact details >
* Personal Information Dispute Mediation Committee: ☎ 02-1833-6972 / www.kopico.go.kr
* Personal Information Infringement Report Center of the Korea Internet & Security Agency: ☎ 118 without area code / privacy.kisa.or.kr
* OPA (Online Privacy Alliance) PRIVACY: ☎ 02-580-0533~4 / www.eprivacy.or.kr
* Cyber Investigation Division of the Supreme Prosecutors' Office: ☎ 1301 without area code / www.spo.go.kr
* Cyber Security Guard of the National Police Agency: ☎ 182 without area code / cyberbureau.police.go.kr
* NICE (Inc.): ☎ 1588-2488 www.mycredit.co.kr
* Korea Information Service (Inc.): ☎ 02-3771-1004 www.creditbank.co.kr
* Seoul Credit Rating & Information (Inc.): ☎ 02-846-5000 www.siren24.com

Credit Information Protection Officer/Manager

Credit Information Protection Officer

  • Name: Thomas De Montmarin
    Department: RISK, The Hongkong and Shanghai Banking Corporation Seoul Branch
    Contact: E-mail <thomas.de.montmarin@hsbc.com> HSBC Building #37, Chilpae-ro, Chung-Ku, Seoul

Credit Information Protection Manager

  • Name: Jun Sung Oh
    Department: RISK, The Hongkong and Shanghai Banking Corporation Seoul Branch
    Contact: E-mail <jun.sung.oh@kr.hsbc.com>, HSBC Building #37, Chilpae-ro, Chung-Ku, Seoul