Top of Page

Personal Information and Privacy Protection Policy

Personal Information and Privacy Protection Policy

Revision Date:  16 Feb 2024

Effective Date:  24 Feb 2024

Historic Version

In order to fully protect the rights of users, according to the relevant provisions of the “Personal Information Protection Law of the People’s Republic of China” and the service situation of HSBC Life Insurance Company Limited, we have updated “Personal Information and Privacy Protection Policy”. The update of this version mainly focusses on:

  1. In the section “V. How We Entrusted Processing, Provide Externally, Transfer and Publicly Disclose Your Personal Information”, a new cooperative supplier has been added to the partner list; 

 

This update will take effect on the effective date listed at the beginning of the “Personal Information and Privacy Protection Policy”, you can contact us if you have any question of the relevant contents, thank you for your focus and support.

HSBC Life Insurance Company Limited

Preface

HSBC Life Insurance Company Limited (the “Company”, “we” or “us”) take personal information confidentiality and security very seriously, and strive at all times to protect the personal information and privacy of our customers(including but not limited to the potential customers, applicant, the insured and the beneficiaries) and other related personal information subjects (customers and other related personal information subjects collectively referred to as “you”, “your” or “Information Subject”) according to law. We therefore formulate this Personal Information and Privacy Protection Policy (this “Policy”), in order to help you understand our purpose, method and scope of processing personal information, our practice of protecting personal information and privacy, your rights related to personal information and privacy and methods to protect your rights. We suggest you read this Policy carefully and understand all content of this Policy, and pay special attention to the bold and/or underlined parts. We strive to use easy-to-understand and concise language. When you click to agree, confirm the check box or actually use the services we provide, you agree that we will process your personal information in accordance with the provisions of this Policy. If you do not agree with any content of this Policy or have any questions, please do not proceed and contact us for consultation.

The key points of this Policy are as follows:

1. For your convenience to understand the purpose and category of personal information we collect when you sign up for our service, we therefore explain them under the particular service scenario.

2. When you sign up for some particular services, we will collect your sensitive personal information (for example, biometric information) after you give us clear, active consent. Refusal on providing consent might affect you use related service, but will not affect you use other services we provided.

3. To provide the service per you request, we might need to share your personal information to third party. We will carefully assess the legality, legitimacy, and necessity of the data sharing with third party. We will ask the relevant third party take all data protection measures required pursuant to laws and regulations. We will ask for your consent or ask the relevant third party to demonstrate they have received your consent via confirmation agreement, page prompt and/or interactive process in accordance with the requirements of laws and regulations.

 

We fully understand how important your personal information means to you, and we will exert our effort to protect the security of your personal information. We have always been committed to maintain your trust and will stick to below principles to protect your personal information: Right and Responsibility Consistency, Explicit Purpose, Freely Given Consent, Minimum and Necessity, Assurance of Information Security, Participation, Fair and Transparency. We are also committed to take appropriate security measures to protect your personal information according to law.

 

This Policy shall apply to your personal information that may be involved when you visit, browse and use website, WeChat official account and other mobile internet applications (including but not limited to WeChat Mini Programs and application, etc.)( collectively referred to as “Website and/or Applications ” or “Platform”), apply for or use any product or service of the Company, handle any business at the Company or make any transaction with the Company, participate in online or offline events, marketing events and surveys of the Company, and/or contact or correspond with the Company, no matter the information is provided by yourself, or collected or acquired by the Company from other sources according to laws, regulations, regulatory provisions, or based on your authorization or consent. 

 

If you would like to learn more details about this Policy, please read these chapters as set out below:

I.    How We Protect Your Personal Information

II.   How We Collect Your Personal Information

III.  How We Use Your Personal Information

IV.  How We Store Your Personal Information

V.   How We Entrusted Processing, Provide Externally, Transfer and Publicly Disclose Your Personal Information

VI.  Special Circumstances for Information Processing

VII. How We Use Cookies and Other Technologies

VIII.Your Rights Relating to Personal Information

IX.  How to Contact Us

X.   Protection of Minors’ Personal Information

XI.  Formulation, Effectiveness, Update and Others of This Policy

I. How We Protect Your Personal Information

1. Information security is our top priority. We will endeavour at all times to safeguard your personal information against unauthorized or accidental access, processing or erasure. We maintain this commitment to information security by implementing appropriate security technology and security management measures to secure your personal information. If your legitimate rights and interests are damaged due to unauthorized access, public disclosure, tampering or destruction of information due to our reasons, we will bear corresponding legal responsibilities according to law.

 

2. The Company's website uses advanced information security protection technology in the industry to protect customers' personal information, and this technology also complies with the current industry standards for information security protection on the Internet. When you provide sensitive personal information through our Website and/or Applications, it is automatically protected.

 

3. We maintain strict security system to prevent unauthorized access to your personal information. We exercise strict management over our staff members who may have access to your personal information, including but not limited to access control applied to different positions, contractual obligation of confidentiality agreed with relevant staff members, formulation and implementation of information security related policies and procedures, and information security related training offered to staff.

 

4. We will not disclose your personal information to any third party, unless the disclosure is made to comply with laws, regulations and regulatory requirements or according to this Policy or other agreement (if any) or based on the separate authorization or consent. When we use services provided by external service providers (entities or individuals), we also impose strict confidentiality obligations on them and request them to abide by this Policy when processing personal information.

 

5. For the security of your personal information, you take on the same responsibility as us. You shall properly store your personal information such as your account information, identification documents, contact information, identity verification information (e.g. user name, password, dynamic password, verification code, etc.), and all the documents, materials, devices or other media that may contain or record or otherwise relate to such information, and shall ensure your personal information and relevant documents, materials, devices or other media are used only in a secured environment. It is suggested not to disclose to any other person or allow any other persons to use such information and relevant documents, materials, devices or other media. Once you think your personal information and/or relevant documents, materials, devices or other media have been disclosed, lost or stolen and may so endanger the relationship between you and the Company or cause your account being used for any unauthorized transactions, you shall notify us immediately so that we may take appropriate measures to prevent further loss from occurring.

 

6. We will organize regular staff training and drills on emergency response so that they can master their job responsibilities and emergency handling strategies and procedures. If personal information security incident occurs unfortunately, we will adopt emergency plan and take relevant actions and remediation measures to mitigate the severity and losses in connection therewith. Meanwhile, we will, following the applicable requirements set out in laws and regulations, inform you of the basic information of the security incident and its possible impact, the actions and measures we have taken or will take, suggestions for you to prevent and mitigate the risk, and applicable remediation measures. We will inform you about the security incident by email, mail, call, SMS, push notification or through other methods as appropriate in a timely manner. Where it is difficult to notify each Information Subject, we will post public notice in a reasonable and effective way. Meanwhile, we will report such personal information security incident and our actions to the regulatory authorities in accordance with applicable laws, regulations and regulatory requirements.

II. How We Collect Your Personal Information

1. Personal information refers to various information related to identified or identifiable natural persons recorded electronically or otherwise, excluding anonymized information. Personal information includes name, date of birth, ID information (ID card, passport, etc.), personal biometric information, communication contact information, residential address, account information, property status, location information, etc. Sensitive personal information refers to personal information that, once leaked or illegally used, may easily lead to the infringement of the personal dignity of natural persons or the harm of personal and property safety, mainly including: ID information (ID card, passport, etc.), personal biometric information, religious belief, credit information, property information, transaction information, health and physiological information, specific identity, medical health, financial account, whereabouts and other information, as well as personal information of minors under the age of 14, etc.

2. As required us to provide you with various products and services and continuously improve our products and services, or in order to contact or communicate with you, understand your needs, build up, review, maintain and develop our relationship with you, or for the purpose to comply with laws, regulations and regulatory provisions, the Company will collect or retain the personal information provided by you, or collect, inquire and verify your personal information from members within the HSBC Group or other third parties (including but not limited to credit reference agencies, information service providers, relevant authorities, employers, counterparties, other relevant entities, joint applicants, contact persons, close relatives and other persons) through appropriate means in accordance with laws, regulations, regulatory requirements or your authorization or consent. “HSBC Group” under this Policy means HSBC Holdings plc, and/or any of, its affiliates, subsidiaries, associated entities and any of their branches and offices (together or individually), and “member of the HSBC Group” has the same meaning.

3. The personal information we collect may include information in paper, electronic (for example but not limited to information collected through any of the Company’s website, WeChat official account, mobile internet  applications, email, text message or customer service hotline) or any other forms.

 

4. When you visit, browse, use our Website and/or Applications as a visitor, we may collect information about the browser or device you use (such as IP address, operating system, and browser version), your browsing actions and patterns. We use Cookies and other similar technologies to collect above information. You may disable Cookies by changing your settings (for details, please refer to Section VII of this Policy “How We Use Cookies and Other Technologies”).

 

 

We may invite you to subscribe to our newsletter, updates, alerts or to participate in our online/offline events, marketing events, survey via certain parts of our Website and/or Applications. If you accept relevant invitation, we may collect the information you provide to us by filling out contact forms or questionnaires, etc. The said information may include name, telephone number, email address, employer name, and job position etc. The provision of such information is at your discretion. Refusal to provide such information will not affect your visiting, browsing or using our Website and/or Applications.

 

5. When you apply or have become our individual customer, in order for us to provide you with our insurance products/services and to handle relevant insurance business, we may collect, or collect from the third party that you permitted, the following information upon your consent or authorization:

 

Purpose or Function (Insurance Product/Service)

Information we may need to collect

Purchase online insurance products

Basic information of the policyholder, insured and/or beneficiary, including but not limited to: personal name, tax residency status, ID number, ID validity period (including start and expire dates), annual income, nationality, residential address, telephone number, e-mail address, relationship information between the policyholder and the insured, and your location information (in the case of free insurance, we will obtain your personal city information, and in the case of paid insurance, we may obtain your personal geographical location), etc. (The details are subject to what the page requires you to provide at that time);

Other information that we prompt you to collect.

 

Purchase non-online insurance products, apply for insurance services such as preservation and claim

 

Personal identity information, including name, names used in the past, gender, birth date, nationality, area/country of citizenship, place of birth, ID Type & Number and term of validity, address of residence, the date when move to current address, mailing address, information of employer/school, employment, telephone number, e-mail, family status, identity relationship of the individual with other related personal information subjects;

Personal property information, including personal income, source of income, the country/region where the source of personal wealth is located, and the information content of the business owned by the individual, movable/immovable property, indebtedness, investment, tax-paid amount, tax resident identity, tax resident country, taxpayer identification number, etc.; special insurance scenarios also require proof of the relationship between the policyholder and the insured;

Personal biometrics information, such as signature, handwriting, fingerprint information, etc.;

Personal health information, including medical history, medical records, diagnosis and treatment, medical examination, accident information, and other relevant information in relation to personal health;

Personal insurance information, including purpose of insuring, purchased insurance, insurance that the individual is purchasing or plans to purchase, past claim information, other previous underwriting, claim settlement, preservation information, etc., and whether you are a member of the local social medical insurance;

Personal authorized payment bank account information, including account number, institution with which the account is opened, name of the account holder, etc.;

When applying for claims, if the claim beneficiary or payee is not the insured, we may also require the claim beneficiary or payee to provide proof of their relationship with the insured;

Correspondence and other communication records (recordings and videotaping, telephone records, correspondence records and content);Other information we inform you to collect.

 

Online application for partial preservation, claim settlement and other after-sales services related to insurance contracts, and identity authentication

 

Personal identity information: including name, gender, ethnic, date of birth, nationality, registered residency (Hu Kou), area/country of citizenship, ID Type, ID Number and term of validity, residential address, mailing address, information of employer/school, telephone number, email, personal signature, personal geographical location, etc.;

Personal health information, including medical history, medical records, diagnosis and treatment, medical examination, accident information, and other relevant information in relation to personal health;

Personal insurance information, including purpose of insuring, purchased insurance, insurance that the individual is purchasing or plans to purchase, past claim information and other previous underwriting, claim settlement, preservation information, etc., and whether you are a member of the local social medical insurance;

Personal authorized payment bank account information, including account number, institution with which the account is opened, name of the account holder, etc.;

When applying for claims, if the claim beneficiary or payee is not the insured, we may also require the claim beneficiary or payee to provide proof of their relationship with the insured;

Your WeChat ID;

Your name, ID type & number, mobile phone number, face recognition information (face image or video)

Other information that we prompt you to collect.

 

Pay premium

 

In order to complete the transaction, according to the requirements of the third-party payment channels that cooperate with the Company, you may be required to provide Alipay, WeChat account number, name of the bank where the account is opened, bank card account number, real name of the account holder, type of ID of the account holder, ID number of the account holder, mobile phone number information reserved by the bank for verifying the real-name status of the account, completing payment or subsequent payment deduction authorization, and understanding your payment status.

 

Maintaining the normal and safe operation of insurance business services, maintaining the normal and safe operation of the Platform, prevent and control the risk

 

The operation track of your online use and operation of our Website and/or Applications (including purchase of insurance products, application for insurance related to preservation, claims settlement and other after-sales services, etc.);

Model ID, identifiers, identification code, hardware serial number, operating system, software version number, IP address and the network service provider of the device you use;

Other information we inform you to collect.

 

The above information (including your sensitive personal information) is necessary for us to provide you with products or services, to perform our contract with you and to comply with laws, regulations and regulatory requirements. If you refuse to provide the requested information (or the information so provided is incomplete, inaccurate or untrue), you will not be able to use corresponding products or services provided by us, however, it does not affect your normal use of other products or services we provide.

 

You may choose at your own will, for the following purposes or functions, provide to or allow the Company to collect relevant information from you or any authorized third parties.

Purpose or Function

Information We collect

WeChat Authorized Log-in

Open IDof your WeChat account

 

Create a WeCom conversation

 

Your WeChat nickname and avatar information, chat history between you and WeCom, browsing history of links sent by you when you visit WeCom, and form questionnaire information (subject to the prompts on the page at that time and the information you voluntarily provide)

 

Vhall Live Streaming Platform Log-in

 

Cellphone number and nickname of your WeChat account

 

Recommend products or services you may be interested in, make an appointment with a Personal Wealth Planner

 

Your name, gender, cell phone number, place of residence, e-mail, employer and its address, job title

 

Provide you with wealth planning services and corresponding reports (including family protection, child education, retirement planning, parental care, wealth legacy, wealth management, exploring the world, etc.) based on your needs

 

Basic information about you and your family members (parents, spouse, children), including age, location, date of birth, your and/or your family's balance sheets, income and expenditures, existing protections, your risk appetite/risk tolerance, etc. (subject to the prompts on the page at that time and the information you voluntarily provide)

 

Information provided when you participate in online or offline events, marketing campaigns, surveys organized by us or jointly organized with other HSBC Group members

 

Your name, gender, cell phone number, place of residence, email, employer and its address, job title

Provide you with more accurate, personalized and convenient services, and enhance the service experience

Information provided when you respond to feedback, suggestions, or complaints, information relevant to categories, methods, and actions, action and transaction records of the policy service or features you use.

We will count and analyze the above information, and contact you or provide you with responses, services or products based on the information described above.

 

Value-added services (including providing customers with services related to physical examination, medical treatment, and exclusive products for critical illnesses )

 

In order to provide you with value-added services (including providing customers with medical examinations, medical treatment, and services related to exclusive products for critical illnesses), we need to collect the following personal information from you and provide it to relevant value-added service providers to assist you in providing you with specified value-added services.

Branch company, policy number, name of policyholder, customer number, last six number of ID number, last four number of mobile phone number, value-added service information, sales channel information, city of residence

Exclusive products and services for critical illnesses also include the sum insured, product code, and effective date of the policy

 

Pre-underwriting and underwriting trial-calculation service

 

We may, upon your request, process your historical insurance policy information (product code, product sum insured, product premium, whether the product is in a valid state, policy effective date, standard risk or not) to provide you with an underwriting trial service.


You understand and confirm that the aforementioned information contains your sensitive personal information. Once such sensitive personal information is disclosed, your personal rights and interests may be adversely affected. If you refuse to provide the above information, you will not be able to use or enjoy the corresponding authorized features, without prejudice to your normal use of our other services and features.

 

6. In addition, we may apply to you for the following system permissions related to personal information, and collect relevant information according to your authorization for the corresponding authorization functions. Please note that we will not enable these permissions by default, and we may collect your information through these permissions only when you actively confirm to enable them. In particular, our access to a specific permission does not necessarily mean that we will collect your relevant information; Even if you have confirmed that you have given us the permission, we will only collect your relevant information to the extent that it is lawful, legitimate and necessary:

 

System Privileges

Authorization capabilities

WeChat Login

Authorized login: When you choose to use WeChat login to log in to the Platform, we will retrieve your WeChat login function. You need to click next step on WeChat of your device and agree that we will collect your WeChat ID, Open ID to complete WeChat login verification

 

WeChat Official Account Self-services

 

When you choose to use self-services of WeChat official account, we will collect your name, mobile phone number, mobile phone verification code, ID Type & Number so that we can handle corresponding business for you.

 

"HSBC Huixuan" mobile App

 

When you choose to use the HSBC Huixuan APP to log in to the self-operated mall, we will collect your Open ID and Union ID.

Camera

Authorized access: When you perform identity verification or video call or file upload by taking photos, you need to open the camera permission of the device you hold so that we can scan and identify the device and give us the permission to collect the corresponding photos

 

Microphone

 

Authorized access: When you use the ""Yunqi" Living Room" WeChat mini-program to participate in video conferences and perform remote dual recording by China Banking and Insurance Information Technology Management Co., Ltd. ("CBIT"), you need to turn on the microphone permission for video calls or audio recording scenarios.

 

Locating service (location information)

 

Authorized access: When you purchase Internet insurance products or use the ""Yunqi" Living Room" WeChat mini-program to participate in video conferences, we need to obtain your device location permission and your location information. If you use an iOS device to log in to our products and when your device system is iOS14 or above, you can choose to turn off precise positioning information. At this time, we will only obtain your approximate geographic location. Turning off precise positioning information will not affect your normal use of this function. When you purchase non-online insurance and dual-recorded remotely by CBIT, we need to obtain your specific location information to comply with regulatory requirements.

 

These permissions are necessary to provide you with products or services, to fulfill our agreement with you, and to enable us to fulfill our legal and regulatory compliance obligations. If you fail to provide the required permissions, we will not be able to provide you with the corresponding products or services, however, it does not affect your normal use of other products or services we provide.

 

7. Please note that if we need to indirectly obtain your personal information from a third party for the purpose of providing products or services, we will require the provider to explain the source of your personal information and confirm that the provider have obtained your consent and the scope of authorized consent, including types of personal information, processing purposes and processing methods, etc. If the personal information processing activities that we need to conduct business exceed the scope of authorization and consent obtained from you by a third party, we will obtain your consent before processing your personal information.

8. Please understand that the services we provide to you are constantly evolving. If you choose to use any other service not listed above for which we have to collect your information, we will separately explain to you, the purposes, methods, and scope of personal information we collect etc., through reminders, alerts, interaction with you, agreements entered into with you or other appropriate method, and obtain your consent for that if required by applicable laws and regulations. We will collect, use, store, provide externally, and protect your information in accordance with this Policy and other agreements (if any) between you and us. If you choose not to provide certain information, you may be unable to use certain or part of the service, but your use of other services we provide will not be affected.

III.How We Use Your Personal Information

1. We will use your information to realize the purposes and functions mentioned in above Section II of this Policy “How We Collect Your Personal Information”.

 

2. When you visit, browse, use our Website and/or Applications as a visitor, we may use your information for the following purposes:

(1) to answer and respond to your queries and requests; 

(2) to provide you with information, products or services that you request from us or which we feel may interest you, subject to your prior consent;

(3) to perform contracts or agreements entered into between you and us; 

(4) to allow you to interact with us at our Website and/or Applications;

(5) to notify you about changes to our Website and/or Applications;

(6) to ensure our site or application content is presented in an effective manner on your device; 

(7) to maintain proper and secure operation of insurance business, to prevent and control risk, or to detect and prevent misuse or abuse of our website, applications, products or services;

(8) to meet the compliance obligations of us or the HSBC Group, or to comply with any applicable laws and regulations that we and HSBC Group companies are subject to; and

(9) to make statistics and analysis of the use of our business, products, services or functions, but such statistics will not contain any of your personally identifiable information.

 

3. When you apply or have become our individual customer, we may use your information for the following purposes:

(1) to provide you with products or services, to identify or verify your identity, to approve, manage, handle, execute or effect transactions requested or authorized by you;

(2) to comply with any Applicable Laws (“Applicable Laws” refer to any applicable local or foreign statute, law, regulation, ordinance, rule, judgment, decree, voluntary code, directive, sanctions regime, court order applicable to any member of the HSBC Group, agreement between any member of the HSBC Group and an authority, or agreement or treaty between authorities and applicable to the Company or a member of the HSBC Group) and any order or requirement from any authority;

(3) to perform the Company and/or the HSBC Group’s compliance obligations (including regulatory compliance, tax compliance and/or compliance with any Applicable Laws or requirement of any authority), or to implement any policy or procedure made by the Company and/or the HSBC Group for performance of their compliance obligations;

(4) to detect, investigate and prevent any real, suspected or potential financial crime (including money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, and/or violations, or acts or attempts to circumvent or violate any Applicable Laws relating to these matters) and to manage financial crime risk;

(5) to prevent insurance fraud and other acts, and to verify relevant information through administrative agencies, judiciary, credit agencies, medical institutions, and other legal persons who have legally understood and mastered relevant information;

(6) to conduct investigations related to insurance, to verify, obtain or provide relevant references or information to doctors, hospitals, clinics, insurance companies or organizations;

(7) to enforce or defend the Company or any member of the HSBC Group’s rights, or to perform the Company or any member of the HSBC Group’s obligations (whether statutory obligations or contractual obligations, including but not limited to the Company’s obligations under any agreement entered into with any real or potential business and/or asset assignee, business partner or transaction participator);

(8) as required by or to fulfil the Company or the HSBC Group’s internal operational requirements (including for credit and risk management, data statistics, analysis, processing and handling, system, product and service design, research, development and improvement, planning, insurance, audit and administrative purposes);

(9) subject to your authorization, for marketing or promoting our relevant products or services;

(10) to obtain or utilize administrative, consultancy, telecommunications, computer, payment, data storage, processing, outsourcing and/or other products or services.

 

4. For the purpose of providing you with better products or services, we may send promotional information to your mobile phone number, email address or Platform account, and if you do not wish to receive such promotional information, you may unsubscribe or contact our customer service in accordance with the information prompts at that time or the corresponding functional settings of the Platform at that time to refuse to receive such promotional information.

 

5. The above information collection and use in this Policy shall not impact our use of your information for the purposes as otherwise agreed between you and us.

 

6. If we use your personal information for the purposes other than the purposes of information collection and use as set forth in this Policy or in other agreement between you and us, we shall inform you such purpose, and, if required by applicable laws and regulations, obtain your consent again, before using your personal information for such additional purposes.

IV.How We Store Your Personal Information

1. According to relevant laws and regulations, we will store your personal information collected in the territory of the People's Republic of China in the territory of the People's Republic of China, and keep such information strictly confidential in accordance with the law. If cross-border business is involved and we need to transfer your personal information collected in China to overseas institutions, we will clearly inform you of the purpose, receiver, and relevant security measures of the information, and we will ask for your consent in advance in accordance with the requirements of applicable laws and regulations, and perform compliance requirements such as safety assessment and signing of standard contracts in accordance with applicable laws, administrative regulations and regulations of relevant regulatory authorities.

2. We comply with Chinese laws, regulations and requirements on data and personal information storage. When we collect or process your information, we will, according to applicable laws and regulations, regulatory, archival, accounting, auditing or reporting requirements, and the purposes as set forth in this Policy, store your information for a period as minimum as necessary to fulfill the purposes of information collection.

3. After the retention period expires, we will destroy, delete or anonymize relevant information, or where the aforementioned activities are technically hard to realize, personal information handlers shall cease personal information handling except for storage and taking necessary security protective measures. The aforementioned requirements do not apply to the information that needs to be retained according to applicable laws and regulations, regulatory, archival, accounting, auditing or reporting requirements, special agreement between you or relevant customers and us, or for settlement of indebtedness between you or relevant customers and us, or for record check or enquiry from you, relevant customers, regulators or other authorities. 

V. How We Entrusted Processing, Provide Externally, Transfer and Publicly Disclose Your Personal Information

1. Entrusted Processing of Personal Information

For the purposes set out above in this Policy, under the preconditions that such provision or disclosure is necessary and is made with proper protective measures (please refer to Section I of this Policy “How We Protect Your Personal Information” for details),  We may entrust a competent third-party cooperation agency to process your personal information on our behalf within the scope permitted by laws and regulations. Our third-party partners include suppliers who provide us with infrastructure technology services, data analysis and processing services, customer services, SMS platform services, etc.

We solemnly promise that we will abide by the relevant provisions of laws and regulations on entrusted processing, fully review and evaluate the ability of such third-party cooperation agencies to protect personal information, and require third-party cooperation agencies to strictly abide by confidentiality obligations through written agreements and audits. Desensitize the entrusted information through technical means, and prohibit it from using such information for purposes without your consent. When the entrustment relationship is terminated, we will require the third-party cooperation agency not to save relevant information.

2. Provide Externally

(1) Provide to the partners

Some products and services of us will be provided by our partners, we will provide some of your personal information to our partners in order to advance your user experience. We will provide and disclose part or all of your personal information to third-party recipients (third parties may include authorities, regulators and our affiliates, service providers, cooperative financial institutions and other partners).

The List of Specific Partners

(2) Provided by law:

According to applicable laws and regulations, requirements of legal procedures, mandatory administrative or judicial requirements and/or requirements of higher authorities, including but not limited to government agencies, judiciary and their subordinate agencies. For example, we will reinsure part of the insurance business based on the mandatory requirements of laws and regulations and/or the purpose of risk and capital management. In this case, we will provide your basic personal information  (insured number, gender, date of birth, occupation and annual income), policy information (policy number, insurance type, policy effective date, coverage period, payment period, insurance amount, Insurance premium amount, health notification), medical records (health questionnaire, medical report, discharge summary, outpatient medical records, etc.) to carefully selected reinsurers (including reinsurers located in and outside mainland China). If the laws and regulations require us otherwise, we will implement them in accordance with the laws and regulations.

In the case of providing your personal information to a third party, we will inform you of the matters related to our provision of your personal information to the third party before providing the information to the third part, including recipient’s identity, contact details, processing purposes, processing methods and categories of personal information, in accordance with the requirements of applicable laws and regulations, if we need to obtain your separate consent, we will seek your separate consent in the form of a click-to-confirm agreement, click-to-confirm actions in specific scenarios, pop-up window prompts, etc. (except for situations where consent is not required according to laws and regulations). In addition, we will also sign relevant legal documents with third parties and require third parties to abide by laws and regulations when using your personal information, process personal information within the scope of the processing purpose, processing methods and types of personal information that have been informed to you, and require third parties to take management measures and technical means to protect your personal information.

3. Transfer

Without your separate consent, we will not transfer your personal information to any other company, organization or individual, except in the case of business/asset transfer, restructure, disposal (including securitization), merger, spin-off or acquisition transactions where the transfer is necessary. In such cases, if it involves transferring your personal information to a third party, we will inform you of the identity and contact information of the recipient of the personal information and request the personal information recipient to comply with this Policy. If the personal information recipient changes the purposes, methods etc. of personal information processing under this Policy, it shall re-obtain the consent from you.

4. Public Disclosure

We will not publicly disclose your personal information. If there are reasonable reasons for public disclosure, we will inform you of the purpose and types of the publicly disclosed information before the public disclosure (if it involves your sensitive personal information, you will also be notified of the sensitive personal information involved), and will disclose it publicly after obtaining your authorization and consent, unless otherwise stipulated by laws and regulations or otherwise agreed in this policy.

VI.Special Circumstances for Information Processing

We will process your information (collection, storage, use, analysis, transfer, provide, disclosure) based on your consent. To the extent allowed by laws and regulations, we may process your personal information without your consent under the following circumstances: 

(1) Where it is necessary for entering into a contract or the performance of a contract to which you are the party.

(2) Where it is necessary for compliance with a legal obligation to which we are subject.

(3) Where it is necessary in order to protect your vital interests in an emergency or respond to public health emergencies.

(4) Where it is within reasonable limits in order to carry out news coverage or media supervision for the public interest.

(5) Where it is within reasonable range according to laws and regulations to process the information has been legally made public or publicized by yourself.

(6) Other circumstances stipulated by laws and regulations.

VII. How We Use Cookies and Other Technologies

1. Your visit, browse, use of any of our Website and/or Applications may be recorded for analysis on the number of visitors to the Website and/or Applications and general use patterns and your personal use patterns and improving your experience. Some of this information will be gathered through the use of “Cookies”. Cookies are small bits of information automatically stored on your local terminal, which can be retrieved by your local terminal. Cookies can enable our website or applications to recognize your device and store information about your use of website and/or applications so to provide more useful features to you and to tailor the content of our website/applications to suit your interests and, where permitted by you, to provide you with promotional materials based on your use patterns. We will be able to access the information stored on the Cookies.

The information collected by Cookies is anonymous aggregated data, and contains no personal information such as name, address, telephone, email address etc.

2. Our website and/or applications may also work with third parties to research certain use and other activities on the website and/or application. These third parties include without limitation to Doubleclick, Yahoo!, Nielsen//NetRatings, WebTrends, Google and Adobe. They use technologies such as spotlight monitoring, Web Beacons and Cookies, etc. to collect information for such research. They use the information collected through such technologies (i) to find out more about users of the website and/or application of the Company, including user demographics, behavior and usage patterns; (ii) for more accurate reporting; and (iii) to improve effectiveness of our marketing. They aggregate the information collected and then share it with the Company. The data we provide to such companies may include your advertising ID and installation event (refers to data about your first installation or use of our website and/or application). However, we will not collect personally identifiable information about you from such companies or provide such companies with personally identifiable information about you for the purpose of this research.

3. Most local terminals are initially set to accept Cookies. You can manage or disable Cookies based on your own preference. Should you wish to disable the Cookies, you may do so by changing the setting on your local terminals. However, after changing the setting you may not be able to enjoy the convenience that Cookies bring, but your normal use of other functions of the local terminals will not be affected. Different local terminals offer different methods for setting changes, and you can find information on how to manage cookie settings on certain browsers via the following links.

VIII.Your Rights Relating to Personal Information

You have the right to request us to protect and secure your personal information in accordance with the provisions of the laws, regulations and this Policy, and exercise your rights as entitled by applicable laws and regulations. This Policy does not restrict other rights that you, as a subject of personal information, may enjoy under applicable laws and regulations.

1. Access to Your Personal Information

You have the right and can inquire about whether we hold your personal information and review your personal information provided by you through the methods listed in "IX. How to Contact Us" in this Policy. You can also check your basic information in the following ways. The specific query path is: follow the "HSBC Life" WeChat official account, and click the menu "Hui Service" -> "Self-Service".

2. Change the Scope of Your Consent or Withdraw Your Authorization

You have the right to change the scope of authorization or withdraw your consent, and exercise your right per the method listed in “IX. How to Contact Us”. We will not further process the related personal information once you change your authorization or withdraw your consent. Please note the change of the consent or withdrawal of your authorization will not affect our previous processing of personal information based on your previous authorization.

3. Correct and Supplement Your Personal Information

You have rights and obligations to promptly update your personal information on the Platform or correct and supplement any inaccurate or incomplete personal information to ensure that the relevant information is complete, accurate and up-to-date. You have the right to ask us to provide convenience for you to update your personal information, and you have the right to ask us to correct or supplement any inaccurate or incomplete information about you through the methods listed in "IX. How to Contact Us" in this Policy. If some of your information has changed, you can modify it in the following ways. The specific operation path is: follow the "HSBC Life" WeChat official account, and click the menu "Hui Service" -> "Self-Service".

4. Delete Your Personal Information

Unless otherwise stipulated by laws and regulations, we will actively delete or anonymize your personal information in the following situations, and you can also contact us through the methods listed in "IX. How to Contact Us" in this Policy to make a request to delete your personal information, but please note that deleting such personal information may affect your use of the products or services we provide through the Platform:

(1) The purposes of our processing of your personal information have been fulfilled, cannot be fulfilled or are no longer necessary for the fulfillment of the processing purposes;

(2) We stop providing services, or the retention period has expired;

(3) You withdraw your previous consent to us;

(4) We process your personal information in violation of laws, administrative regulations or agreements with you;

(5)    Other circumstances where personal information should be deleted as stipulated by laws and administrative regulations.

If the storage period stipulated by laws and administrative regulations has not expired, or if it is technically difficult to delete personal information, we will stop processing your personal information other than storing it and taking necessary security protection measures.

5. Copy or Transfer Your Information

You can contact customer service through the methods listed in "IX. How to Contact Us" in this Policy and request to copy your personal information. We will provide the corresponding copy of personal information in a timely manner under the premise that it complies with relevant laws and regulations and is technically feasible. You can also ask us to transfer your personal information to a third party you designate, and we will provide you with a transfer method if the conditions stipulated by the national cyberspace administration are met.

6. Rights of Relatives of Deceased Clients

Unless otherwise arranged by the deceased customer during his or her lifetime, we guarantee the rights of the deceased customer's close relatives to access, copy, correct, and delete the relevant personal information of the deceased customer for their own legitimate interests. The specific operation methods refer to the aforementioned rules.

7. Explanation

You have the right to contact customer service through the methods listed in "IX. How to Contact Us" in thisPolicy, and ask us to explain the personal information processing rules in this Policy.

IX.How to contact us

1. Requests for access, copy, change the scope of consent, withdraw your authorization, correct, supplement and delete your personal information, copy or transfer or process your personal information beyond retention period, or exercise your other rights as related to your personal information according to applicable laws and regulations, should be addressed to:

Phone number: +86 400-820-8363 (Monday to Friday 8:30am - 5:30pm of weekdays)

In addition, you can also submit your request through "Hui Service" in the menu bar of the "HSBC Life" WeChat official account -> "Personal Information Protection" -> "Personal Rights Request".

2. For security purpose, you may need to provide the request in written form or use other methods to prove your identity. We may request you to verify your identity before processing your request.

3. Upon the receipt of your request, we will reply to you within 15 working days or shorter period as prescribed by laws and regulations (if any).

4. We will not charge fees for the processing of your above-mentioned reasonable requests for checking, correcting or otherwise disposing of your personal information.

5. Notwithstanding the foregoing, we may reject illegal, noncompliant, unnecessarily repeated, needs excessive technical means (for example, the need to develop information systems or fundamentally change current practices), brings risks to the legitimate rights and interests of others, unreasonable or technically impracticable requests. We may not be able to respond to your request under any of the following circumstances:

  • where it is in direct relation to the Company’s compliance with laws, regulations and regulatory requirements;
  • where the request is in direct relation to state security or national defense security;
  • where the request is in direct relation to public security, public sanitation, or major public interests;
  • where the request is in direct relation to criminal investigations, prosecutions, court trials, execution of rulings, etc.;
  • where there is sufficient evidence that you are intentionally malicious or abuses your rights;
  • where it is because of protecting your or others’ life, property or other significant legitimate rights of you or others but it’s difficult to obtain your consent;
  • where responses to your request will give rise to serious damage to your or any other individual or organization’s legal rights and interests; and
  • where the request involves trade secrets;
  • any other circumstances as provided by laws and regulations.

6. Unless we have your prior consent, we will not send you advertisement promotion message. If at any time you would like us to cease using or providing to others your personal information for advertisement promotion purpose, you are entitled to notify us and exercise your right of choice, not to receive such advertisement promotion any more. If you so choose to reject advertisement promotion message, you can unsubscribe in accordance with unsubscribe methods prompted by advertisement promotions, or call our customer service hotline +86 400-820-8363 to refuse to accept such promotions. After receipt of your request, we will, as soon as practical (usually no later than 15 working days from your request), take actions to ensure no more advertisement promotion message should be sent to you.

7. You have the right to request us to explain the rules of processing personal information under this Policy, supervise, make suggestions or raise questions for our practices regarding personal information and privacy protections, or lodge complaints or demand compensation according to law against us or our staff for any infringement of your rights and interests in personal information and privacy. You may reach out to us at, or visit our WeChat official account to lodge complaints, we will reply within a maximum of 15 working days or a shorter period stipulated by laws and regulations (if applicable) after receiving your request and verifying your identity.

Contact person: Chief Data Officer (CDO)

E-mail: hsbcdpi@hsbc.com.cn

X. Protection of Minors’ Personal Information

1. We pay particular attention to protection of the minors’ personal information. We have no intention to collect any minors’ personal information, unless it is agreed by their parents or guardians and it is necessary for the products or services offered to the minors (for example, the minors may become the insured, the beneficiaries of insurance products, etc.)

2. If you are under 18 years old, it is suggested that your parents or guardians carefully read this Policy and you shall submit your personal information only upon obtaining consent from them. Meanwhile, it is suggested that your use of our product and service is conducted under the guidance of your parents or guardians. If your parents or guardians do not allow you to submit your personal information or to use any product or service of the Company, you shall immediately cease submitting the information or using the product and service of the Company and notify us of such event to us as soon as possible, so as to allow us to take effective measures.

3. If you are under 18 years old, for the personal information collected with consent of your parents or guardians, we will only process such information to the extent allowed by laws and regulations or expressly consented by your parents or guardians, or where required for protecting interests of minors.

4. If you are the parent or guardians, please contact us through the contact information above when you have any questions about the information processing of the minor under your guardianship.

XI. Formulation, Effectiveness, Updating of this Policy

1. We formulate and will publish this Policy on our official website and/or relevant applications. This Policy takes effect on the effective date listed at the beginning.

2. Our Personal Information and Privacy Protection Policy may be modified and updated from time to time, and we will disclose such changes or amendments to this Policy on our official website, including through window prompts or announcements, etc. Changes to this Policy should not reduce or limit your rights as a subject of personal information under applicable laws and regulations.

3. Where you provide to us personal information about another person (including but not limited to you insuring someone else, or designating someone else as beneficiary), you should ensure that such person acknowledges this Policy and, in particular, notify such persons of how we use his/her personal information and obtain the consent of such person. You should remind such person to read this Policy in advance and may also give such person a copy of this Policy.

Back to Top