Our Privacy Statement
Know Your Customer Limited (â€œKYCâ€) is subject to the BD Data Protection Regulation (â€œGDPRâ€) and the BD (Privacy) Ordinance, and amendments thereto (â€œPDPOâ€).
This Privacy Statement explains how, applying the applicable data protection principles under the GDPR and PDPO, we collect and process personal data for third parties (â€œKYC Clientâ€ or â€œKYC Clientsâ€) and for our business. For the purposes of the GDPR KYC Clients are deemed data controllers and for the purposes of PDPO they are deemed data users.
The KYC Clients have engaged the services of KYC to provide identity verification services and assist in the collation of due diligence documentation on the KYC Clients prospective and existing customers (the â€œCustomerâ€ or â€œCustomersâ€), when the KYC Clients Customers provide their personal data to us through the submission of information, forms or documents (in whatever format) through an upload to our website, use of our mobile application or otherwise.
Personal Data we process enables us to identify the Customers either directly or indirectly by reference to an identifier. Examples of identifiers we process are name, identification number, location data, an online identifier or one or more factors relating specifically to the economic, cultural or social identity of the natural person (â€œPersonal Dataâ€).
KYC is a data processor which means that we process Personal Data on behalf of the KYC Clients. Dependent upon the checks that KYC has been engaged by the KYC Client to undertake, KYC may use sub-processors. Prior to working with any sub-processor, KYC ensures that they comply with the GDPR, the PDPO or any other relevant data protection legislation that may be applicable.
The result of the Customerâ€™s verification process, as well as all details and documents provided by Customers to the KYC Clients via the KYC website, mobile application or otherwise are available solely to the KYC Client with whom the Customer is engaging and the Personal Data is provided as part of the KYC Clientâ€™s collation and evaluation of due diligence documentation on potential new and existing Customers to comply with applicable International Anti Money Laundering legislation. KYC does not have access to any Customer Personal Data.
For Customers who are not resident within the EEA, you should note that if the KYC Client you are engaged with is resident in a country other than your country of residence, there is a possibility your Personal Data will be transferred outside your country of residence. You should consult with the relevant contact at the KYC Client for further details in relation to jurisdictions used for the transfer of your Personal Data.
Individuals (individually a â€œSubscriberâ€ and collectively the â€œSubscribersâ€) may also sign up for news and marketing updates about our business via our website and other marketing tools such as marketing automation platforms. In these instances, KYC is acting as a data controller and data processor. The Personal Data collected enables us to identify Subscribers through a combination of the information provided during the sign-up process. The Personal Data is stored and retained by us for use as part of our marketing activities.
Purpose of Collection, Processing and Disclosure
The Personal Data provided by Customers will be used by KYC for the purposes of processing for any one or more of the following purposes:
- To enable the KYC Clients to identify and/or verify the identity of the Customers in accordance with applicable International Anti Money Laundering regulations;
- To disclose to the KYC Clients by way of restricted access to the solution, to enable them to verify the identity of their Customers in accordance with applicable International Anti Money Laundering regulations;
- For any other specific purposes requested by the KYC Clients; or
- To comply with legal and regulatory obligations applicable to the KYC Clients. Personal Data provided by Subscribers will be used by KYC to provide marketing information and news updates to the Subscribers about our business and industry news.
- The right to access their own Personal Data;
- The right to have their Personal Data rectified if it is inaccurate or incomplete;
- The right to request deletion or removal of their Personal Data where there is no good reason for processing to continue;
- The right to restrict processing of their Personal Data;
- The right to data portability to enable the moving, copying or transferring of Personal Data from one platform to another;
- The right to object to the processing of their Personal Data in certain circumstances; and
- Rights relating to profiling and automated decision making resulting from the processing of their Personal Data.
KYC undertakes to adhere to best practice in terms of security of the Personal Data collected. All systems use a Role Based Access Control with enforced multi-factor authentication. All data at rest is secured using 256 bit AES encryption as well as SSL/TLS is used for data in transit.
A cookie is a piece of information in the form of a very small text file that is placed on an internet userâ€™s hard drive. It is generated by a web page server, which is basically the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. A cookie can be thought of as an internet userâ€™s identification card, which tells a web site when the user has returned.
on this website. This can be done by consulting the help section of your browser or taking a look at 247tvHD which offers guidance for all modern browsers.
Rights of the Data Subject
GDPR provides data subjects with the following rights:
Acceptance of Terms
Please note that by downloading, installing or using our mobile application for the upload of Personal Data, or by uploading Personal Data via a KYC webpage, or a marketing automation platform, you are accepting the practices described in this Privacy Statement and agree to the processing of your Personal Data by KYC as described in this document. For Subscribers who are a resident of the EEA, in acceptance of these terms you are providing explicit consent to KYC for the processing of the Personal Data to comply with GDPR and that in giving your consent, and uploading the Personal Data, you are agreeing to the processing of the Personal Data by KYC for the purposes as set out in the sign-up form submitted to KYC, and that in giving such consent, your Personal Data may be transferred outside of the EEA to other companies within the KYC group for marketing purposes.
Amendments or Updates to this Privacy Statement
KYC reserves full rights to amend or update this Privacy Statement unilaterally from time to time as it sees fit or necessary to meet any change in any of the relevant laws or the regulatory environment, or business needs, or to satisfy the needs of stakeholders in the business. Updated versions will be posted to the KYC website and date stamped so that you are always aware of when the Privacy Statement was last updated. The whole content of this Privacy Statement will then be construed accordingly in conjunction with such amended or updated versions.