Privacy Notice

This Privacy Notice explains how KYC Global Technologies Limited, KYC360 Academy Limited and our affiliates (referred to as “KYC360”, “we”, “us” or “our”) collect and use personal data about you when you visit our website(s) or use our products and services (such as kyc360.com, RiskScreen, Panoptic and the KYC360 Academy). This Privacy Notice applies across all websites that we own and operate and all of the products and/or services we provide (collectively “Services”).
 
KYC360 is the controller in respect of any personal data covered by this Privacy Notice (i.e. we determine the purposes and means of the processing of personal data). This means we are responsible for complying with applicable data protection law.
 
 

This section describes the purposes for which we may use personal data, as well as the type of personal data we may collect and the legal basis we rely upon in order to process that data.

 

  Services
  • Purpose – If you, or the organisation you represent, request a proposal, or commission a Service from KYC360, or enter into an agreement for the provision of Services, we may process your personal data in order to fulfil that request and for our operational and business purposes, including performing the Services, providing customer service, monitoring security incidents, preventing or detecting fraud and other prohibited or illegal activity. 
  • Personal data – We may collect any of the following personal data in connection with this purpose: name, organisation, job title, email address, telephone number(s), postal address, online identifiers, payment details (depending on procurement method used).
  • Legal basis for processing – KYC360’s legitimate interests of managing our Services, business development and service delivery.

  KYC360 Academy

  • Purpose – If you register to use the KYC360 Academy, we will use your personal data to manage your account, keep track of your progress, record your course achievements, keep a record of your certificates, and communicate with you about the KYC360 Academy. 
  • Personal data – We may collect any of the following personal data in connection with this purpose: name, organisation, job title, email address, telephone number(s), postal address, username, password, learning progress, achievements and certificates, your responses to surveys, your feedback or any suggestions you make for improvements and any communications between you and KYC360. 
  • Legal basis for processing – We rely on one of the following grounds to process your personal data lawfully: (i) your consent, (ii) the processing is necessary for the performance of the Terms of Use contract which you are asked to accept when you sign up to use the KYC360 Academy or (iii) KYC360’s legitimate interests of managing the KYC360 Academy, business development and service delivery.

  Market research

  • Purpose – We may collect business intelligence data regarding organisations and their key personnel in order to better understand the market in which that organisation operates and to enable us to develop, enhance and improve our Services.
  • Personal data – We may collect any of the following personal data in connection with this purpose: name, job title, email address, telephone number(s) (generally available from publicly available sources).
  • Legal basis for processing – KYC360’s legitimate interests of business development, service improvement and market analysis.
  Marketing
  • Purpose – We may process personal data in relation to our marketing, education and training activities, for example, when we interact with individuals who have an interest in Anti-Money Laundering (AML), screening, financial crime prevention (including KYC/KYB) and similar services to provide them with information, such as newsletters and updates, as well as invitations to attend relevant events and webinars.
  • Personal data – We may collect any of the following personal data in connection with this purpose: name, job title, email address, telephone number(s) and postal address.
  • Legal basis for processing – (i) Consent, which is given when an individual agrees to receive direct marketing communications from us. Individuals are free to withdraw their consent at any time, or (ii) KYC360’s legitimate interests of business development, growth and relationship management.

  Website and cookies

  • Purpose – We may process personal data for the purpose of administering and managing the operation of our website(s), including any services available through our websites and the use of cookies. See our Cookies Notice here for more detailed information about our use of cookies.
  • Personal data – We may process IP address information, as well as website usage data and device data.
  • Legal basis for processing – (i) Consent to the use of non-essential cookies, which consent can be withdrawn at any time, or (ii) KYC360’s legitimate interests in respect of the use of essential cookies which are used to enable the function and operation of our website(s) and improve website performance and user experience.  

2.1 We may, where appropriate, share your personal data with other members of our corporate group which currently comprises: KYC Global Technologies Limited, KYC Global Technologies (UK) Limited and KYC360 Academy Limited for any of the purposes described above. KYC Global Technologies (UK) Limited acts as a processor for other members of the group and provides office support, marketing and other data processing services.
2.2 We may also share your personal data with our third party service providers who assist us with our products, services, websites and business operations. These third parties process personal data on our behalf as our processors. They only process personal data for specific purposes, under our control and subject to appropriate contracts. The following is a (non-exhaustive) list of processors with whom we may share your personal data and the purpose for which they may process that data:
  • Microsoft Inc – for the purpose of providing email and cloud services;
  • Millbridge Systems Ltd – for the purpose of providing IT support services;
  • HubSpot Ireland Ltd – for the purposes of providing Customer Relationship Management (CRM) services;
  • Cognism Ltd – for the purpose of providing database analysis and updates;
  • Docebo Inc – for the purpose of providing a hosted Learning Management System for the KYC360 Academy, as well as support services; and
  • Accredible Inc – for the purpose of providing a digital credentialing platform to assist with the creation, issue and management of digital certificates and badges for users of KYC360 Academy.
We may update this list from time to time and, if we do, we will update this Privacy Notice accordingly.

 


 
3.1 We will retain your personal data only for as long as necessary for the purpose for which that data was collected. If you require further information on the retention periods of any specific personal data, please contact our DPO (see Contact Us details below). 
3.2 At the end of the applicable retention period and assuming we have no other reason to retain your data (such as a court order or a legal obligation with which we must comply), we will destroy or erase your personal data using a secure method.

 


 
4.1
If the processing of your personal data is subject to the data protection laws of the EU, UK, Jersey or other countries that have similar laws, you have the right to: 
  • request information about how we process your personal data and to obtain a copy of that personal data;
  • request the rectification of inaccurate personal data about you and for any incomplete personal data about you to be completed;
  • object to the processing of your personal data which is based on our legitimate interests;
  • request the erasure of your personal data (subject to certain conditions);
  • object to decisions being taken about you based solely on automated processing if that decision produces legal or similarly significant effects concerning you;
  • ask us to restrict our processing of your personal data so that we no longer process that data until the restriction is lifted; and
  • request to receive your personal data (which you have provided to us) in a structured, commonly used and machine-readable format and to have that information transmitted to another organisation in certain circumstances.
4.2 Should you wish to contact us in order to exercise any of these rights, please email our Data Protection Officer (see Contact Us section below).

 
5.1 We recognise the importance of ensuring personal data is protected. We have in place appropriate organisational and technical measures to safeguard personal data that comply with the requirements of applicable data protection law. 
5.2 We ensure that personal data we hold on electronic media is encrypted and stored on secured servers. We also monitor emails sent to us, including file attachments, for viruses or malicious software. However, please be aware that not all electronic communications are secure. We use Transport Layer Security (TLS) to encrypt and protect email traffic. However, if your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

 
6.1 Depending on the purpose for which we are processing your personal data, we may need to transfer your personal data to a country that is outside your home country. This is because our clients are located all over the world and we have service providers (i.e. processors) that are also located in countries outside the EU, Jersey and UK. For example: both Docebo Inc and Accredible Inc (see section 2.2 above for a description of the services they provide) may transfer personal data that originates in the EU, UK, Jersey or Switzerland to the United States and other countries in which they operate. Docebo Inc and Accredible Inc have in place measures to ensure the protection of personal data that is transferred in this way (such as the Data Privacy Framework for transfers to the US or the Standard Contractual Clauses).
6.2 If we transfer your personal data to another country, it is possible it could be accessed by third parties, such as public authorities, law enforcement agencies and/or the courts of that other country. Before we make the transfer, we will comply with applicable data protection law and take steps to ensure there are appropriate safeguards in place to protect your personal data (e.g. by putting in place a data transfer agreement). 

 
7.1 There may be circumstances where your personal data has been processed using a KYC360 service.  In such circumstances, it is likely that KYC360 is not processing your personal data as a controller, but rather as a processor acting on the instructions of another party (who will be the controller).
7.2
KYC360 applications process personal data whilst acting as a technological interface between databases compiled and controlled by third parties (“Databases”) and organisations who wish to access the Databases because they have a statutory or regulatory obligation to carry out “know your client” (KYC) and/or anti-money laundering (AML) checks.   The Databases contain profiles of individuals and legal persons that are: 
  • Subject to sanctions measures; 
  • Politically Exposed Persons; 
  • Named on national and international Watch Lists; 
  • Subject to adverse media coverage in connection to matters of financial crime, legal process and/or reputational risk; and
  • Relatives and close associates of persons in the above categories.
7.3
The third parties who compile the Databases do so from the public record. Whilst they aim to ensure their Databases are accurate and they do consider requests for rectification under applicable data protection law, they normally request evidence to show that the public record is factually incorrect. 
7.4
KYC360’s clients, who use our Services to search the Databases, include leading financial institutions and providers of professional services. If you are a customer of an organisation which uses KYC360 Services, that organisation is likely to be the controller of any personal data of yours which it holds.  That organisation is therefore best placed to assist you if you wish to exercise any of your data subject rights. 
7.5
KYC360 itself does not undertake any automated decision-making based on the personal data we process.  KYC360’s clients may use a KYC360 report, possibly in combination with other sources of information, to inform their own independent decision-making processes. Therefore, should you, as a data subject, have any issues with regards to the decision that an organisation may have taken in relation to you, we would recommend that you address your concerns directly with the organisation concerned.
7.6
As mentioned above, the KYC360 applications are a technological interface between databases controlled by others and organisations who wish to access the Databases. Therefore, KYC360 does not itself have the ability to amend the Databases or alter decisions taken by KYC360’s clients, acting in reliance on the information contained within the Databases.
7.7
Requests to exercise your rights of rectification or erasure in relation to the Databases should be made to the database(s) controller(s). Their contact details are available here:  
7.8
If you still wish to raise any data-related issues directly with us, in particular in connection with any personal data in respect of which we are the controller, we ask that you direct your enquiry to our Data Protection Officer (see Contact Us section below). 

 
8.1

You can contact our Data Protection Officer by email at: privacy@kyc360.com  

The registered address for both KYC Global Technologies Limited (company no. 120738) and KYC360 Academy Limited (company no. 158595) is: 6 Esplanade, St Helier, Jersey JE1 1BX. 

8.2 If you have any concerns regarding the processing of your personal data by KYC360, we would ask you to contact us in the first instance to give us an opportunity to address those concerns. However, you have the right to lodge a complaint with the relevant data protection supervisory authority if you consider that our processing infringes applicable data protection law. Our supervisory authority is the Jersey Office of the Information Commissioner which can be contacted by email at enquiries@jerseyoic.org or phone: +44 1534 716530.

 

This Privacy Notice is kept under review and it is updated as appropriate. It was last updated on 17 March 2025.