KYC Due Diligence Services CC 2015/15179, ('KYC', 'we' , 'us' or 'our'), is the owner and operator of the KYC service, an Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) service designed for entities required to comply with AML/CTF obligations and regulations.
KYC is committed to protecting the privacy of individuals whose information is collected including information contained in our databases, and to assisting in resolving any issues that may arise in relation to this information. This policy describes how KYC handles personal information collected.
KYC is dedicated to being transparent about what personal information we collect and how we use it.
KYC may review and update this policy from time to time to take account of new laws, technology, changes to our operations, and the changing business environment. Updates will be published on the KYC website.
This policy provides you with information about:
- how we use personal information;
- what personal information we collect;
- how we ensure privacy is maintained; and
- rights relating to personal information.
How we collect and use personal information
We collect personal information from:
- Commercial suppliers of AML/CTF watchlists (KYC databases - 'Watchlists');
- Our clients regarding their members and customers (KYC databases - 'Members');
- Our clients permitted to use KYC services (KYC databases - 'Clients'); and
- Other business collections.
The KYC databases - Watchlists, Members and Clients
What personal information do we collect?
The databases maintained by KYC contain personal information about individuals. KYC obtains personal information for its databases from a commercial supplier of AML/CTF watchlists and from KYC's clients regarding their members and customers. This information may typically include an individual's names, date of birth and a client number allocated to the individual. The information received from our commercial supplier of AML/CTF watchlists may also include information about criminal records, personal relationships and other publicly available information. KYC seeks assurances from all its data sources that the information has been collected and is held in accordance with applicable privacy laws. Because of the nature of the KYC service it is not possible to collect this information directly from the individual.
KYC will not use this personal information for any purpose other than to assist its clients to meet their obligations under their AML/CTF legislation. KYC maintains strict security over this personal information.
KYC also collects personal information from clients permitted to use the KYC service when the client registers with the service and a client contact logs in for the first time. This information may include the client contacts' name and contact details. Where there are several users in a client's organisation those users' names and contact details will also be collected and may be provided by another user in the client organisation. If this information is not provided you cannot use the KYC service. This information is used only to track users of the KYC service.
If we hold your personal information through Watchlists or Clients, this is not controlled by us and you should refer to their respective privacy policies.
KYC databases are held and stored by KYC or a cloud services provider.
How we use this personal information?
We will use your personal information:
- To fulfil a contract, or take steps linked to a contract: in particular, in facilitating and processing transactions that take place on our website, such as where you register with the site.
- Where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests include:
- operating the website;
- providing you with services described on the website;
- verifying your identity when you sign in to our website;
- responding to support tickets, and helping facilitate the resolution of any disputes;
- updating you with operational news and information about our website and services e.g. to notify you about changes to our services, website disruptions or security updates;
- carrying out technical analysis to determine how to improve the website and services we provide;
- monitoring activity on the website, e.g. to identify potential fraudulent activity and to ensure compliance with the user terms that apply to the website;
- managing our relationship with you, e.g. by responding to your comments or queries submitted to us on the website or asking for your feedback;
- managing our legal and operational affairs (including, managing risks relating to content and fraud matters);
- training KYC staff about how to best serve our user community;
- improving our products and services; and
- providing general administrative and performance functions and activities.
- Where you give us consent to provide you with marketing information about products and services which we feel may interest you
- For purposes which are required by law
- For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.
With whom do we share information?
KYC will share personal information collected for our databases with its clients and users of the KYC service or as required by law, and only for the above (or related) purposes. KYC may also disclose the information to its related entities for purposes associated with running the KYC service or other usual business activities.
Personal information from watchlists held in our databases may be disclosed to overseas recipients as part of the KYC service. The recipients could be located in any country and it is not practicable to specify those countries in this policy.
Retention and deletion of personal information
Personal information collected from Clients who use the KYC service is retained only for the duration of the Client's subscription and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we will make sure it is deleted or anonymised.
If you are a registered user of the KYC service you have various rights in relation to your personal information and we respect those rights. With regards to marketing emails, you can request us not to send you these at any time. You may still receive important account and service related information email notifications.
You also have rights to:
request a copy of personal information we hold about you;
update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete;
object to our processing of your personal information; and
be forgotten - delete your personal information subject to our legal rights and obligations to retain the same.
Also, if you use our website we will record your contact details, which may include your name, email address, address and phone number if you send them to us in an email or complete an online contact or demo request form. We will use your personal information to deal with your specific enquiry. If you do not provide this information we may not be able to respond to your enquiry.
For what purposes do we use this personal information?
We will only use the information provided for the purposes for which it was collected unless you have consented to us using, or would reasonably expect us to use, the information for a different purpose or as permitted by law.
Your contact details, including email address, may be added to our mailing list and your consent requested for us to use it for direct marketing purposes.
With whom do we share information?
Personal information collected for these other business activities will only be disclosed to our related entities and our and their personnel, our contractors, suppliers, service providers, business partners or others as you would reasonably expect for the above (or related) purposes and only otherwise disclosed as required by law.
Retention and deletion of personal information
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you've requested or to comply with applicable legal, tax or accounting requirements).
We'll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we'll make sure it is deleted or anonymised.
If you communicate with us through a social networking service such as Twitter or Linked In, the social network provider and its partners may collect and hold your personal information overseas. This is not controlled by us and you should review their privacy policies.
- your server address
- your top-level domain (for example .com, .gov, .net etc.)
- the pages you accessed and the documents downloaded
- the previous site you have visited
- the type of web browser you are using.
- This information is however anonymous.
Links to other websites
How do we store and secure information?
We take reasonable steps to protect all information which we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. However, as the transmission of data over the internet is not totally secure, we cannot guarantee the security of your data during transmission.
All personal information held electronically is kept on secure servers and protected by firewall security systems. As noted above we may use a third party cloud service provider to store our information. We may also hold some personal information in hard copy. This may include client files, invoices and business cards. This information is subject to restricted access.
Accessing your Personal Information, Other Enquiries or Complaints
If you wish to access the personal information we hold about you or you think that your personal information is inaccurate and needs correction, please contact us at the address below. We will take reasonable steps to keep your personal information accurate, complete and up-to-date.
If you have a complaint concerning your privacy please contact us in writing using the details below. Any complaint will be investigated and responded to in a reasonable time.
All privacy-related enquiries or complaints should be directed to:
KYC Due Diligence Services
PO Box 23