The Data Controller connected with this Privacy Notice is KYC Global Technologies Limited (KYC Global or we, our or us) a company incorporated in Jersey, Channel Islands and registered with the Jersey Office of the Information Commissioner (JOIC) and all its wholly owned subsidiaries.
KYC Global owns and operates the products known as “kyc360.com”, “KYC360”, "RiskScreen" and “Panoptic”. This notice applies across all websites that we own and operate and all of the products and/or services we provide. For the purpose of this notice, we’ll just call them our ‘services’.
KYC Global collects personal data from two sources for the purpose of communicating with prospective customers:
KYC Global collects business intelligence regarding organisations and key personnel within those organisations, in order to better understand the market in which it operates. Any personal data collected for this purpose comes from publicly available sources.
KYC Global also interacts with data subjects who have an interest in Anti-Money Laundering (AML) offering them the opportunity to sign up to newsletters, events and webinars produced by KYC Global.
1.1. Lawful basis
The collection of personal data for this purpose is under the Lawful Basis of Legitimate Interest. Having conducted a Legitimate Interest Assessment, we have concluded that either because the information comes from public sources that the data subjects have decided to make aspects of their personal data publicly available, or they have chosen to subscribe to a free service provided by KYC Global, in which case, we must process their data so that we may communicate with them. In these instances, given the nature of the personal data being processed, we have determined that any risk to the data subject’s personal data is outweighed by the benefit the data subject receives from communicating with KYC Global.
1.2. Information collected
The personal data we may collect and process about you in connection with this purpose is:
1.2.2. Job Title
1.2.3. Email Address
1.2.4. Telephone number(s)
2. Purpose (Prospective customer and current customers)
In the event that you or the organisation you represent either requests a proposal or commissions a service from KYC Global we will process your data in order to fulfil that request or service delivery.
2.1. Lawful basis
The collection and processing of your data for the purpose outlined in paragraph 2 is under the Lawful Basis of Contract, because we need to process this data in order manage a potential contract or contract with the organisation you represent.
2.2. Information collected
The personal data we may collect and process about you in connection with this purpose is:
- 2.2.1. Name
- 2.2.2. Organisation and Job Title
- 2.2.3. Email Address
- 2.2.4. Telephone Number(s)
- 2.2.5. Address
- 2.2.6. Depending upon the procurement methodology, we may take payment details.
Under the Lawful Basis referenced in paragraph 2.1, your data will be retained until the end of the financial year in which your contract ceases and then for a further 7 years thereafter, in accordance with Revenue Jersey advice.
At the end of the relevant retention period outlined for each purpose above, your data will be destroyed using an approved method, unless prevented by Court order.
4. Data sharing
KYC Global only uses this personal data for its own purposes and only shares it with third parties so that they may assist KYC Global in the data’s processing. Where KYC Global shares data with a processor, this is done for specific purposes, under the control of KYC Global and is subject to appropriate contractual clauses or a separate data sharing agreement. Personal data covered by this Privacy Notice is shared with the following organisations:
- 4.1 Microsoft Inc. for the purposes of providing an email facility.
- 4.2 Millbridge Systems Ltd. in their provision of IT support.
- 4.3 Salesforce UK Limited for the purposes of CRM.
- 4.4 SalesLoft, Inc. for the purposes of sales support and data enrichment.
- 4.5 Cognism Ltd for the purpose of database analysis and update.
- 4.6 Olark, for the purposes of a live chat function.
5. Rights of a data subject
- 5.1. Under the General Data Protection Regulation (GDPR) and Data Protection (Jersey) Law 2018, a data subject has certain rights regarding the control and processing of personal data. Details regarding these rights can be found on the Jersey Office of the Information Commissioner’s (JOIC) website.
- 5.2. Should you wish to contact KYC Global in order to exercise any of these rights, please email our Data Protection Manager using the following email address: email@example.com.
- 6.1. Recognising the importance of information security to our business and clientele, KYC Global is an ISO 27001 certified organisation. Within our information security strategy, KYC Global recognises the importance of personal data to our prospective and current customers. So, we endeavour to put in place appropriate organisational and technical measures to protect that data.
- 6.2. Personal data we hold on electronic media is encrypted and stored on secured servers.
- 6.3. Personal data held on paper is secured in locked cabinets with access only to appropriately authorised personnel.
- 6.4. Data Subjects should be aware that not all electronic communications are secure. We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government advice. However, if your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
- 6.5. Prospective and current customers should also be aware that we will monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
7. Data protection concerns
Should you have any concerns regarding the way an organisation is processing your personal data, the JOIC recommends that in the first instance you contact the organisation concerned. If the organisation does not address those concerns in an appropriate manner, you then have the option to escalate the issue to the JOIC. If you wish to contact us because you have concerns about our use of your personal data, please contact us using the details provided in paragraph 5.2.
This Privacy Notice is kept under review and it is updated as appropriate. It was last updated on 25th January 2023.
Notice for Data Subjects who do not have a direct contractual relationship with KYC Global Ltd (‘KYC360’).
There may be circumstances where as a Data Subject, you find that your personal data has been processed using a KYC360 service. Please be aware that in such circumstances it is likely that KYC360 will not be processing your data in the capacity of Controller, but as a Processor acting on the instructions of another party. (The terms Controller and Processor having the meanings given in both the Data Protection (Jersey) Law 2018 and Regulation (EU) 2016/679 (GDPR) Article 4 (7) and (8)).
The KYC360 applications process personal data whilst acting as a technological interface between databases compiled and controlled by third parties (‘Databases’) and organisations who wish to access the Databases because they have a statutory or regulatory obligation to carry out “know your client,” (KYC) and / or anti-money laundering (AML) checks. The Databases contain profiles of individuals and legal persons that are:
- Subject to sanctions measures
- Politically Exposed Persons
- Named on national and international Watch Lists
- Subject to adverse media coverage in connection to matters of financial crime, legal process and/or reputational risk
- Relatives and close associates of persons in the above categories
The third parties who compile the Databases do so from the public record. Whilst they aim to ensure that their databases are accurate and they do consider requests for rectification under Article 16 of the GDPR, they normally request evidence to show that the public record is factually incorrect.
KYC360’s clients, who use the KYC360 service to search the Databases, include leading financial institutions and providers of professional services. If you are a customer of an organization which uses the KYC360 service, that organization is likely to be the Controller of any personal data of yours which it holds. It is therefore best placed to assist you if you wish to exercise any of your data subject rights under Articles 16-22 of the GDPR in relation to data which it holds.
KYC360 itself does not undertake any automated decision-making based on the personal data we process. KYC360’s clients may use a KYC360 report, possibly in combination with other sources of information, to inform their own independent decision-making processes. Therefore, should you, as a data subject, have any issues with regards to the decision that an organisation may have taken in relation to you, we would recommend that you address your concerns directly with the organisation concerned.
As noted, the KYC360 applications are a technological interface between databases controlled by others and organisations who wish to access the Databases. So, KYC360 does not itself have the ability to amend the Databases or alter decisions taken by KYC360’s clients, acting in reliance on the information contained within the Databases.
Requests to exercise your rights of rectification or erasure in relation to the Databases should be made to the database(s) controller(s). Their contact details are:
- World-Check (Refinitiv): am I Listed on World-Check? | Refinitiv;
- Dow Jones – Dow Jones – DSAR Portal (onetrust.com)
If you still wish to raise any data-related issues directly with us, in particular with connection to any personal data we control, we ask that you read the corresponding Privacy Notice and direct your enquiry to our Data Protection Officer using the email address – privacy@KYC360.com.