Home Privacy Mobile Privacy Notice Current Page

Mobile Privacy Notice

first direct (we’, ‘our’ and ‘us’), which is a division of HSBC UK Bank plc, collects, uses and shares information about you so that we can provide you with a bank account and related services. This app Privacy Notice explains how we collect, use and share your information when you use our app, including information about the device that the app is installed on, for example, your mobile phone or tablet. You can find full information in our main privacy notice.

This app is provided by first direct which is a division of HSBC UK Bank plc but all products and services accessed via this app are provided by us, HSBC group companies or selected partners.

If you need further information on anything related to this app Privacy Notice, or want to contact our Data Protection Officer (DPO), you can write to customer service centre, BX8 1HB addressed ‘for the attention of the DPO’. To exercise your rights, you can write to Customer Service Centre, BX8 1HB and addressed ‘for Rights of Individuals Fulfilment (ROIF)’. Alternatively, you can contact us using our first direct Mobile Banking app, where you can chat with us 24/7 or via telephone banking.

We use a range of measures to keep your information safe and secure, which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and apply appropriate measures for the use and transfer of information. 

We may share your information with other HSBC group companies and any sub-contractors, agents or service providers who work for us or other HSBC group companies (including their employees, sub-contractors, service providers, directors and officers) to provide you with products or services that you ask for (such as bank accounts and payments).

We’ll keep your information in line with our data retention policy. For example, by default, we’ll normally save your main banking information for a period of 7 years from the time our relationship ends with you. This allows us to comply with legal and regulatory requirements or use it for legitimate purposes, such as managing your account and dealing with any disputes or concerns that may arise.

The list below explains what information we collect from your device, how we use it, and whether we share it. In some cases, we will seek your permission.

Permissions for all devices:

  • Camera
    • Allows you to deposit a cheque using the first direct Mobile Banking app by taking a photo of the cheque
    • Allows you to take a photo or video of yourself and your documents to confirm your identity
    • Allows you to scan a QR code and use the App on up to 3 devices
  • Microphone: Allows you to send recorded voice messages when you’re chatting with us
  • Biometric information:
  • For Android: Allows you to use your biometric credential, such as fingerprint recognition, to log on
  • For IOS: Allows you to use your biometric credentials, such as Face ID or Touch ID, to log on
  • Push Messages: Allows us to inform that you’ve received a chat message and send you transaction notifications from us
  • Speech Recognition: Allows us to convert spoken language into text in mobile chat.

Permissions specific to Android devices:

  • Device Information and Internet Access: This allows us to use your internet connection to access our banking systems and check you have a working connection.
  • List of Apps Installed: We collect information about applications installed on your device to check whether you might have risky applications on it. This helps us protect you and us from financial crime.
  • External Storage (eg memory card): This lets the app save files onto your device's external storage. This allows you to store and send documents, for example loan agreements.
  • Device ID & Call information: This allows you to contact first direct directly through the app without having to manually dial a telephone number.


We also use the following tools to collect information about your device and the way you use it online:

  • Transmit Security - helps make sure your logon and authentication are more secure
  • Tealium (tag manager) - allows us to control the deployment of cookies according to your cookies consent preferences 
  • AppDynamics - helps track app performance so that it can keep running properly
  • TIS mobiFlow - allows you to deposit cheques digitally
  • LivePerson – allows us to provide chat support and messaging services
  • Google Pay - allows you to make payments using your Google Pay app
  • BioCatch - allows us to check unusual or suspicious activity on your device, such as malware, so that we can prevent payment scams and fraudulent activities
  • ThreatMetrix - allows us to protect you against fraud by identifying if there are any malware or risky software installed on your device
  • Vasco DigiPass - allows us to detect and prevent fraudulent activities on our app
  • Tealium EventStream – Allows us to collect data to personalize our app
  • Celebrus – Allows personalised content delivery across apps and identifies behaviours that may represent an increased risk of fraud and provide associated warnings
  • Tealium (AudienceStream) - allows us to collect data about how you use this app so that we can create profiles based on your behaviour and measure the performance of our digital advertising