Forum Home» Budgeting & Bank Accounts

GDPR and former HSBC customer

New Post Advanced Search

GDPR and former HSBC customer

edited 30 November -1 at 1:00AM in Budgeting & Bank Accounts
11 replies 1.1K views
davidgmmafandavidgmmafan Forumite
1.5K posts
✭✭✭
edited 30 November -1 at 1:00AM in Budgeting & Bank Accounts
Hi,


I applied a while ago to take advantage of a HSBC switching incentive. After some confusion because I'd had an account before and a lot of wasted time they ultimately wrote to me to say as their records showed I'd had money written off, and they have a policy of not offering current accounts to people who have had a balance owing to them written off they had declined the applciation.


Now it's not a problem as I've managed to get incetives elsewhere but it occured to me that, in terms of GDPR, this seems to go against the right to be forgotten.


I've asked the information commissioner about this but it seems they are very busy so I thought I'd try here too.


I am not currently a customer and this would be over six years ago, maybe seven or eight.I therefore don't see how they feel they are justified in keeping this data on file...
Mixed Martial Arts is the greatest sport known to mankind and anyone who says it is 'a bar room brawl' has never trained in it and has no idea what they are talking about.
«1

Replies

  • edited 11 July 2019 at 8:18AM
    zx81zx81 Forumite
    28.3K posts
    Tenth Anniversary 10,000 Posts Photogenic Name Dropper
    ✭✭✭✭✭
    edited 11 July 2019 at 8:18AM
    The right to be forgotten is a specific right you need to exercise. When did you ask them to forget you? Did you get confirmation at the time?

    If you actually mean their data retention periods, it's not unreasonable to retain data that has a direct commercial impact for several years. There is also of course their legal obligations to consider.

    Your starting point is to refer to their privacy policy, which should outline retention periods.
  • edited 11 July 2019 at 8:15AM
    Willing2LearnWilling2Learn Forumite
    6.3K posts
    Seventh Anniversary 1,000 Posts Name Dropper Photogenic
    ✭✭✭✭
    edited 11 July 2019 at 8:15AM
    According to the HSBC data retention policy,
    Risk management:
    we’ll use your information to measure, detect and prevent the likelihood of financial, reputational, legal, compliance or customer risk. This includes credit risk, traded risk, operational risk and insurance risk (e.g. for underwriting or claims management purposes). We’ll do this because we have a legitimate interest in ensuring that we carry out a proper risk assessment prior to providing credit, insurance or other finance

    So they are basically holding on to your data in order to help assess commercial risk...

    https://www.hsbc.co.uk/content/dam/hsbc/gb/pdf/privacy-notice2.pdf
    I work within the voluntary sector, supporting vulnerable people to rebuild their lives.

    I love my job

    :smiley:
  • gt94sss2gt94sss2 Forumite
    4.5K posts
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    ✭✭✭✭
    I applied a while ago to take advantage of a HSBC switching incentive. After some confusion because I'd had an account before and a lot of wasted time they ultimately wrote to me to say as their records showed I'd had money written off, and they have a policy of not offering current accounts to people who have had a balance owing to them written off they had declined the

    Now it's not a problem as I've managed to get incetives elsewhere but it occured to me that, in terms of GDPR, this seems to go against the right to be forgotten

    I am not currently a customer and this would be over six years ago, maybe seven or eight.I therefore don't see how they feel they are justified in keeping this data on file...

    HSBC have the right to keep this sort of information on their current/former customers for their own purposes. It’s nothing to do with the right to be forgotten which is mainly to stop things appearing in public/search engines.

    HSBC are not making this information publicly available - it would have been recorded on your credit files and deleted after 6 years so other firms now don’t have access to it, but HSBC will always know they had a bad experience with you and that can influence their own decision making.
  • [Deleted User][Deleted User]
    0 posts
    MoneySaving Newbie
    :A
    gt94sss2 wrote: »
    HSBC have the right to keep this sort of information on their current/former customers for their own purposes. It’s nothing to do with the right to be forgotten which is mainly to stop things appearing in public/search engines.

    HSBC are not making this information publicly available - it would have been recorded on your credit files and deleted after 6 years so other firms now don’t have access to it, but HSBC will always know they had a bad experience with you and that can influence their own decision making.

    This ^^^

    GDPR and "the right to be forgotten" is not a get out of jail free card for previous wrong doings.

    If an organisation wishes to "blacklist" you and hold information that supports that decision, especially in the financial industry, then it's perfectly legal to do so.
  • ErgatesErgates Forumite
    842 posts
    Seventh Anniversary 500 Posts Name Dropper
    ✭✭✭
    [Edited] list from the ICO:
    https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/


    When does the right to erasure apply?
    Individuals have the right to have their personal data erased if:
    • the personal data is no longer necessary for the purpose which you originally collected or processed it for;
      ....
    • you are relying on legitimate interests as your basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing;

    HSBC have a legitimate interest in keeping track of customers they consider to be a credit risk, therefore right to erasure would not apply here.
  • sazaccountsazaccount Forumite
    500 posts
    Sixth Anniversary 100 Posts
    ✭✭
    Not sure if it help but when I went to do a switch to Natwest in February, I found I had a "block" to having an overdraft I hadn't held an account with Natwest since around 2004!! turns out that because I had a young persons account they used to use the z condition with stopped any over charges/overdraft from being applied and in the shop I was told I would have to take in paper copies of 3 months worth of payslips (I had digital copies on my phone but they wouldn't accept them) lots of frustration later and a trip to another branch they were able to get the account open. So they had held data on me for 15 years!!!! and yes this is legal for them to hold onto this type of data I asked!
    Thanks to money saving tips and debt repayments/becoming debt free I have been able to work and travel for the last 4 years visiting 12 countries and working within 3 of them. Currently living and working in Canada :beer: :dance:
  • [Deleted User][Deleted User]
    0 posts
    MoneySaving Newbie
    sazaccount wrote: »
    Not sure if it help but when I went to do a switch to Natwest in February, I found I had a "block" to having an overdraft I hadn't held an account with Natwest since around 2004!! turns out that because I had a young persons account they used to use the z condition with stopped any over charges/overdraft from being applied and in the shop I was told I would have to take in paper copies of 3 months worth of payslips (I had digital copies on my phone but they wouldn't accept them) lots of frustration later and a trip to another branch they were able to get the account open. So they had held data on me for 15 years!!!! and yes this is legal for them to hold onto this type of data I asked!


    It is legal, as you say. The reason for its legality is that the waste of space known as the ICO allows banks and other organisations to keep personal data "for as long as necessary", without requiring them to state what the necessity is.
  • sazaccountsazaccount Forumite
    500 posts
    Sixth Anniversary 100 Posts
    ✭✭
    It is legal, as you say. The reason for its legality is that the waste of space known as the ICO allows banks and other organisations to keep personal data "for as long as necessary", without requiring them to state what the necessity is.

    Yep, they used some excuse about "responsible lending" and other buzz words in the first branch saying they were unable to remove this condition, which just made me laugh as 3 months before I was accepted for an amex gold with a 6000 limit, and not waiting to hear that i was no longer 16 and held a full time job while also living with my parents and only wanted a 300 overdraft for those times you forget about a DD or something similar.

    Next branch took it of then and there, and I was automatically offered a 3K overdraft
    Thanks to money saving tips and debt repayments/becoming debt free I have been able to work and travel for the last 4 years visiting 12 countries and working within 3 of them. Currently living and working in Canada :beer: :dance:
  • Carrot007Carrot007 Forumite
    3.2K posts
    Tenth Anniversary 1,000 Posts Name Dropper
    ✭✭✭✭
    sazaccount wrote: »
    I was told I would have to take in paper copies of 3 months worth of payslips (I had digital copies on my phone but they wouldn't accept them)


    And that's the crazy bit.


    Surely they would accept digital copies from somwehere? Maybe downloading them in front of them?


    But some banks eh? Stuck in the stone age.


    I have not had a paper copy of a payslip in (goes to check...), well since april 2011. They also cannot be provided either. Well beyond the point I can print them at work. I can also do that at home though.


    Still whats the differenec. My palslips back in the day were much the same as I could print out now and just as easily forgable as digital ones. In fact probably easier for most people.
  • ErgatesErgates Forumite
    842 posts
    Seventh Anniversary 500 Posts Name Dropper
    ✭✭✭
    It is legal, as you say. The reason for its legality is that the waste of space known as the ICO allows banks and other organisations to keep personal data "for as long as necessary", without requiring them to state what the necessity is.

    Companies are required to give the reason for holding onto data if challenged. The ICO don't go round randomly asking companies why they're keeping data because that would be a massive waste of public money - they lay out what companies *aren't* allowed to keep data for, and then deal with complaints/issues as and when they arise.
Sign In or Register to comment.

Quick links

Essential Money | Who & Where are you? | Work & Benefits | Household and travel | Shopping & Freebies | About MSE | The MoneySavers Arms | Covid-19 & Coronavirus Support