Privacy Notice
Top
This Privacy Notice explains how KYC Global Technologies Limited, KYC360 Academy Limited and our affiliates (referred to as “KYC360”, “we”, “us” or “our”) collect and use personal data about you when you visit our website(s) or use our products and services (such as kyc360.com, RiskScreen, Panoptic and the KYC360 Academy). This Privacy Notice applies across all websites that we own and operate and all of the products and/or services we provide (collectively “Services”).
KYC360 is the controller in respect of any personal data covered by this Privacy Notice (i.e. we determine the purposes and means of the processing of personal data). This means we are responsible for complying with applicable data protection law.
1. Purposes for which your personal data will be used
This section describes the purposes for which we may use personal data, as well as the type of personal data we may collect and the legal basis we rely upon in order to process that data.
Services |
|
KYC360 Academy |
|
Market research |
|
Marketing |
|
Website and cookies |
|
2. How your personal data will be shared
2.1 | We may, where appropriate, share your personal data with other members of our corporate group which currently comprises: KYC Global Technologies Limited, KYC Global Technologies (UK) Limited and KYC360 Academy Limited for any of the purposes described above. KYC Global Technologies (UK) Limited acts as a processor for other members of the group and provides office support, marketing and other data processing services. |
2.2 | We may also share your personal data with our third party service providers who assist us with our products, services, websites and business operations. These third parties process personal data on our behalf as our processors. They only process personal data for specific purposes, under our control and subject to appropriate contracts. The following is a (non-exhaustive) list of processors with whom we may share your personal data and the purpose for which they may process that data:
|
3. How long we keep your personal data
3.1 | We will retain your personal data only for as long as necessary for the purpose for which that data was collected. If you require further information on the retention periods of any specific personal data, please contact our DPO (see Contact Us details below). |
3.2 | At the end of the applicable retention period and assuming we have no other reason to retain your data (such as a court order or a legal obligation with which we must comply), we will destroy or erase your personal data using a secure method. |
4. Your data subject rights
4.1 |
If the processing of your personal data is subject to the data protection laws of the EU, UK, Jersey or other countries that have similar laws, you have the right to:
|
4.2 | Should you wish to contact us in order to exercise any of these rights, please email our Data Protection Officer (see Contact Us section below). |
5. How we keep your personal data secure
5.1 | We recognise the importance of ensuring personal data is protected. We have in place appropriate organisational and technical measures to safeguard personal data that comply with the requirements of applicable data protection law. |
5.2 | We ensure that personal data we hold on electronic media is encrypted and stored on secured servers. We also monitor emails sent to us, including file attachments, for viruses or malicious software. However, please be aware that not all electronic communications are secure. We use Transport Layer Security (TLS) to encrypt and protect email traffic. However, if your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. |
6. International transfers of your personal data
6.1 | Depending on the purpose for which we are processing your personal data, we may need to transfer your personal data to a country that is outside your home country. This is because our clients are located all over the world and we have service providers (i.e. processors) that are also located in countries outside the EU, Jersey and UK. For example: both Docebo Inc and Accredible Inc (see section 2.2 above for a description of the services they provide) may transfer personal data that originates in the EU, UK, Jersey or Switzerland to the United States and other countries in which they operate. Docebo Inc and Accredible Inc have in place measures to ensure the protection of personal data that is transferred in this way (such as the Data Privacy Framework for transfers to the US or the Standard Contractual Clauses). |
6.2 | If we transfer your personal data to another country, it is possible it could be accessed by third parties, such as public authorities, law enforcement agencies and/or the courts of that other country. Before we make the transfer, we will comply with applicable data protection law and take steps to ensure there are appropriate safeguards in place to protect your personal data (e.g. by putting in place a data transfer agreement). |
7. Additional information for end customers of KYC360 clients
7.1 | There may be circumstances where your personal data has been processed using a KYC360 service. In such circumstances, it is likely that KYC360 is not processing your personal data as a controller, but rather as a processor acting on the instructions of another party (who will be the controller). |
7.2 |
KYC360 applications process personal data whilst acting as a technological interface between databases compiled and controlled by third parties (“Databases”) and organisations who wish to access the Databases because they have a statutory or regulatory obligation to carry out “know your client” (KYC) and/or anti-money laundering (AML) checks. The Databases contain profiles of individuals and legal persons that are:
|
7.3 |
The third parties who compile the Databases do so from the public record. Whilst they aim to ensure their Databases are accurate and they do consider requests for rectification under applicable data protection law, they normally request evidence to show that the public record is factually incorrect.
|
7.4 |
KYC360’s clients, who use our Services to search the Databases, include leading financial institutions and providers of professional services. If you are a customer of an organisation which uses KYC360 Services, that organisation is likely to be the controller of any personal data of yours which it holds. That organisation is therefore best placed to assist you if you wish to exercise any of your data subject rights.
|
7.5 |
KYC360 itself does not undertake any automated decision-making based on the personal data we process. KYC360’s clients may use a KYC360 report, possibly in combination with other sources of information, to inform their own independent decision-making processes. Therefore, should you, as a data subject, have any issues with regards to the decision that an organisation may have taken in relation to you, we would recommend that you address your concerns directly with the organisation concerned.
|
7.6 |
As mentioned above, the KYC360 applications are a technological interface between databases controlled by others and organisations who wish to access the Databases. Therefore, KYC360 does not itself have the ability to amend the Databases or alter decisions taken by KYC360’s clients, acting in reliance on the information contained within the Databases.
|
7.7 |
Requests to exercise your rights of rectification or erasure in relation to the Databases should be made to the database(s) controller(s). Their contact details are available here:
|
7.8 |
If you still wish to raise any data-related issues directly with us, in particular in connection with any personal data in respect of which we are the controller, we ask that you direct your enquiry to our Data Protection Officer (see Contact Us section below).
|
8. Contact us
8.1 |
You can contact our Data Protection Officer by email at: privacy@kyc360.com The registered address for both KYC Global Technologies Limited (company no. 120738) and KYC360 Academy Limited (company no. 158595) is: 6 Esplanade, St Helier, Jersey JE1 1BX. |
8.2 | If you have any concerns regarding the processing of your personal data by KYC360, we would ask you to contact us in the first instance to give us an opportunity to address those concerns. However, you have the right to lodge a complaint with the relevant data protection supervisory authority if you consider that our processing infringes applicable data protection law. Our supervisory authority is the Jersey Office of the Information Commissioner which can be contacted by email at enquiries@jerseyoic.org or phone: +44 1534 716530. |
9. Updates to this Privacy Notice
This Privacy Notice is kept under review and it is updated as appropriate. It was last updated on 17 March 2025.