Privacy Policy

I . KYC2020 is a Data Processor where we receive Personal Information from Users to process personal data on behalf of the Users for the purposes of providing Anti-Money Laundering and related services to the Users. These instances are:

• processing data that contains the personal information of Users’ end-users, or otherwise any information provided by Users for processing on their behalf through our products and services.

We are not responsible for the data privacy practices of our Users, which may differ from ours. If you have any questions about our Users’ data privacy practices, we encourage you to contact them directly.

We are neither informed nor responsible for actions, practices, or decisions of the Users as it relate to the use of our services to accept or deny an individual or entity. Use of our services is only upon acceptance by Users of our end-users license agreement and terms of our service with disclaimers that include: 1) The search technologies as well as the Data we aggregate are prone to error and may result in false positives and false negatives depending on many factors that may not be in the control of KYC2020. 2) The news Data we process and read is done via Natural Language Processing (NLP), including models for sentiment and context analysis, and name/entity recognition. These models are prone to false positives where articles with negative keywords may not actually be a negative or crime related article, the name screened may not be the prime actor or even associated with the news article, or other failures in our use of NLP, and 3) It is the responsibility of the Users (Customer) to review all outcomes and be solely responsible for making decisions to include or deny any individual or entity. If you have any issues with a Users’ use of our services or feel that you have been unfairly denied or profiled, we encourage you to contact them directly.

II . KYC2020 is a Data Controller where we receive Personal Information directly from you/with your permission. These instances are:

• From individuals who visit, use, or interact with the Site(s)
• business contacts who represent KYC2020 employees, current and prospective Users, vendors, and partners (collectively, “GDPR Data Subjects”).

III . KYC2020 is a Data Controller where we collect and process Personal Information directly from public, government, and news sources to build our anti-money laundering, sanctions, and adverse media watchlist data. These instances are:

• Sanctions, warnings, fitness & probity. Information available on public government lists covering sanctions, the prevention and detection of unlawful acts, and other protective functions
• Politically exposed persons. Information publicly available relating to individuals in prominent public positions, and their family members, close associates, and business interests.
• Adverse media. News articles available in public domain with keywords that may indicate connection with financial crime, terrorist financing, other relevant unlawful acts, improper conduct, dishonesty, news on PEPs/RCAs, etc.
• Corporate registry information. Information publicly available via corporate registries or from third parties, relating to individuals’ shareholdings and directorships.

From time to time, we will update this Privacy Policy to include additional information about our privacy practices related to a specific activities KYC2020 undertakes.

We may collect or receive personal information from the following categories of individuals or sources:

• Job applicants and employees of KYC2020
• Individuals who provide information by completing forms on our website
• Visitors to our website (KYC2020.com)
  • To process Users provided data to deliver Services
    Information Users provide enables us to deliver the intended Product(s) and Services (e.g. KYC, KYB, and Listed Person or Entity screening services).
  • To improve customer service
    Information Users provide helps us respond to their customer service requests and support those needs more efficiently
  • To personalize users experience
    We may use information in the aggregate to understand how our Users as a group use the services and resources provided by our Site.
  • To improve our Site
    We continually strive to improve our website offerings based on the information and feedback we receive from Users.
  • To improve our Site and our Product(s)
    We may use feedback that Users provide to improve our products and services.
  • To process payments
    We may use the information Users provide about themselves when placing an order solely to provide service for that order. We do not share this information with outside parties, except to the extent necessary to provide the service.
  • To run a promotion, contest, survey or other Site feature
    To send Users information they agreed to receive about topics we think will be of interest to them.
  • To send periodic emails
    We may use the email address to send Users information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If a User’s decides to opt-in to our mailing list, they will receive emails that may include company news, updates, and related product or service information. If at any time a User’s would like to unsubscribe from receiving future emails, they can follow the detailed unsubscribe instructions provided at the bottom of each email or contact us through our Site.
• Users of our anti-money laundering (AML), sanctions, and adverse media screening services for publicly available sources, including government records and open databases
• Business partners, Users, vendors, and other professional contacts
• Personal data available from Public, Government, Regulatory, and News sources to create our Sanction, PEP, and Negative News Watchlist Database to help our Users meet anti-money laundering (AML) compliance obligations.

We collect and use your personal data to contact you and assess your application:

We collect employment-related data to manage payroll, benefits, performance, and meet legal obligations:

We collect personal data when users provide it to us by completing forms, subscribing to email updates, or requesting product demonstrations. This data is used to process users requests and provide the relevant information or services.

When users browse our website, we may collect certain information automatically.

We collect publicly available data to create our global watchlist database to help clients meet anti-money laundering (AML) and compliance obligations:

We collect contact and company details to manage relationships, support business operations, and conduct marketing outreach

As a data processor, we are not responsible for responding directly to data subject requests that come from the User’s end-user. However, in accordance with applicable data protection laws, we are required to assist the User in responding to such requests, to the extent reasonably possible and appropriate to the nature of our processing activities.

To exercise your rights per GDPR, please contact us at privacy@kyc2020.com. We will process such requests in accordance with GDPR timelines and requirements.

For questions or issues with how Users use our data or screening services in conjunction with other data and services, or review and clear false positives from technologies that are prone to errors, or make decisions to accept or deny for any purpose, please directly contact the User.

We adopt appropriate data collection, storage, and processing practices, as well as security, measures to protect against unauthorized access, alteration, disclosure or destruction of personal information, username, password, transaction information and data stored on our Site. Sensitive and private data exchange between the Site and its Users happens over an SSL-secured communication channel and is encrypted and protected with digital signatures.

We do not sell, trade, or lease our mailing lists including personal identification information to others, and we will not share Users personal information to any unaffiliated parties, except as follows:

• To third party service providers who help run our business, the Site or administer activities on our behalf such as sending newsletters or surveys. We may share Users information with these third parties for those limited purposes provided that the Users have given us their permission.
• We may share generic aggregated demographic information regarding visitors and Users with our business partners, trusted affiliates, and advertisers to enhance our Site including those related to the Product(s) and Service(s) provided.
• We may provide Users personal identification information and information about their usage of our Site and offerings if required by law, in a matter of public safety, as needed in connection with the transfer of our business assets in the case of acquisitions, or to protect our rights or property.

For the purposes of the Services, we use automated data collection tools such as Cookies to collect certain information. “Cookies” are small text files that are placed on Users’ devices by a Web server when they access our Services.

The categories of cookies used are:

• Necessary cookies: These cookies are needed to run our website, keep it secure, and comply with regulations that apply to us.
• Performance cookies: We may use analytics cookies on our website. We may use both session Cookies and persistent Cookies to identify that Users have logged in to the Services and to tell us how and when they interact with our Services. We may also use Cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent Cookies, session Cookies are deleted when Users log off from the Services and close their browser.
• Targeting Cookies: We may use small files stored on browser that track online activity and are used to identify users across different websites, enabling personalized advertising and marketing efforts.

Users have the option of blocking or not allowing cookies, which is provided for by our cookie banner asking Users which type of cookie they wish to enable.

For more details about how we use these technologies, please see our Cookie Policy.

• All personal data collected is securely stored on servers located in the United States. By using our services, Users acknowledge and agree that their data may be transferred, stored, and processed in the United States or other jurisdictions where we or our service providers operate.
• These international transfers of Users personal information are made pursuant to the appropriate safeguards such as the standard data protection clauses and Data Privacy Framework (DPF) adopted by the European Commission. These clauses are contractual commitments between parties transferring personal data (for example, between KYC2020 and its Clients, suppliers, or data processors outside the EU), binding them to protect the privacy and security of the data.
• KYC2020 is a data processor and NOT the data controller for processing Users’ end-user personal data. For providing services in EU and other countries where we do not host local servers, we make best efforts to abide by the principles and provisions for GDPR Compliance as established by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF THE EUROPEAN UNION as summarized by the following principles [click here].

We retain personal data only as long as necessary to fulfil the purposes for which it was collected or as required by applicable laws. Upon request, and where legally permissible, we will delete or anonymize personal data.

Protecting the privacy of the very young is very important. For that reason, we never collect or maintain information at our Site from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.

We employ industry-standard security measures to protect Users’ personal data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption, firewalls, and regular security assessments. While we strive to protect Users’ personal data, no method of data transmission or storage is completely secure, and we cannot guarantee absolute security.

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.

If Users are using our services to process personal data on behalf of others (e.g., their customers or end-users), they are responsible for ensuring that they have obtained the necessary consents or legal basis to transfer and process personal data on servers located in the United States. By using our services, Users represent and warrant that their data collection, use, and sharing practices comply with all applicable data protection laws and regulations, including GDPR if applicable.

Additionally, per our End-Users License Agreement (EULA), the Users using our services acknowledge and accept the KYC2020 Service Disclaimer that A PASS, FAIL, CLEAR, VERIFY, HIT, NO HIT, or any other designation, recommendation, or outcome from a KYC2020 service or software is simply an identification as to whether the search subject has likely appeared in the lists or news identified by KYC2020. The search technologies as well as the Data are prone to error and may result in false positives and false negatives depending on many factors that may not be in the control of KYC2020. It is the responsibility of the Customer to review all outcomes and be solely responsible for making decisions to include or deny any individual or entity. A subject’s inclusion on or removal from any of the searched lists is not in the control and is not the responsibility or liability of KYC2020.

For questions, concerns, or to exercise Users rights under privacy laws, including GDPR, please contact us via email at: privacy@kyc2020.com

We take reasonable measures to protect Users’ personal data and comply with applicable laws, but we do not warrant that our services are completely error-free or secure against all risks. By using our services, Users’ acknowledge and accept this limitation.

KYC2020 has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

Participation in EU-US Data Privacy Framework (EU-US DPF), UK extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF):

KYC2020 has created this privacy notice based on the EU-U.S. Data Privacy Framework to help you understand how we are subject to and comply with the EU-U.S. Data Privacy Framework (EU -U.S.DPF), UK extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

The U.S. Department of Commerce has established this framework regarding the collection, use, and retention of personal information transferred from the European Union (“EU”) and the UK to the United States.

We are seasoned payments industry professionals and CAMS^TM certified AML specialists with deep software experience and provide Anti-Money Laundering and related services to the User. The list of entities in the scope includes:

KYC2020 headquartered in the USA, has certified that it adheres to the EU-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce with respect to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). If there is any conflict between the policies in this privacy policy and the data subject rights under the EU-U.S. DPF Principles, the EU-U.S. DPF Principles, the UK extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) shall govern. To learn more about the EU-US DPF program and to view our certification page, please visit Home (dataprivacyframework.gov) for more details.

• KYC2020 India Pvt. Ltd.

Type of Personal Data in Scope of EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)

We cover non-HR data in the framework. Based on the nature of the businesses listed above, KYC2020 will process any of the data elements listed in the section Information We Collect and Use

Purpose of Data in Scope of EU-U.S. Data Privacy Framework, UK Extension to the EU-US DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF):

Refer to the sections Following section provides the details on the data we collect, purpose, legal basis for processing, and access for the purpose of processing and its lawful basis.

We may be required to disclose Personal Data in response to lawful requests by public authorities, including requests to meet national security or law enforcement requirements. Prior to the transfer of Personal Data from the EU and the UK to the United States, we require a contractual confirmation from the Controller from whom we acquired the information that the Personal Data has been provided to us in accordance with GDPR, EU U.S. DPF, UK extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), or the applicable EU Member State Data Protection law, thereby ensuring the data subjects have been provided with proper notice regarding how their Personal Data will be used.

Pursuant to the EU U.S. DPF Framework and UK extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you access to the personal information we hold about you. You may also correct or amend\ the personal information we hold about you. Furthermore, you may delete data that has been handled in violation of the DPF Principles. An individual who seeks access to the information transferred to the United States under EU-U.S. DPF, UK extension to EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) should direct their query To privacy@kyc2020.com

KYC2020 is responsible for processing personal data it receives under the EU U.S. Data Privacy Framework, UK extension to EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and subsequently transferring it to third parties as described in sections Sharing Users personal information

Since we share Personal Data with third parties as referenced above, we comply with the notice and choice principles as described above for all data disclosed or transferred to a third party. We take reasonable and appropriate steps designed to ensure that the third party effectively processes the Personal Data transferred in a manner consistent with our obligations under the Principles.

When we use data processors to perform processing tasks on our behalf and at our direction and instruction, we require our data processors either:

• Subscribe to the EU US DPF Program, UK extension to EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (in the case of US-based processors), comply with the General Data Protection Regulations or
• Enter into a written agreement with us requiring the data processor(s) to process the data only for limited and specified purposes and to provide the same level of protection as KYC2020

In cases of onward transfer to third parties, we remain liable for the acts of the third party that are in violation of the EU U.S DPF. Principles and UK extension to EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) unless we can prove we were not a party giving rise to the damages.

We may be required to release EU and/or UK personal data in response to lawful requests by public authorities including to meet national security and law enforcement requirements.

We have an information security policy in place designed to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Refer to Data Security for more details.

Any personal information received from our customers in which personal data of EU and UK citizens may be contained is treated as “Confidential,” and adequate technical and administrative controls are implemented across KYC2020

The personal information is used only for the purpose for which it has been collected and is shared within the organization on a need-to-know basis.

The technical and administrative controls ensure the preservation of the confidentiality, integrity, and availability of information per the contractual obligations to which KYC2020 has committed itself.

An individual may request access to the Personal Data processed pursuant to the EU U.S. DPF, UK extension to EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) we process as part of our Services Watchlist Database: GDPR Rights Applicability. Individuals have the right to learn whether data about him or her is found in our information products. This right applies only to Personal Data about the individual making the request and is subject to other limitations as defined by law.

Individuals can request access by sending a request to privacy@kyc2020.com. We agree to process all reasonable requests for access within a reasonable time period but reserve the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual’s privacy or when the request is manifestly unfounded or excessive.

KYC2020 is committed to resolving complaints regarding our collection or use of personal data. EU, UK & Swiss individuals with inquiries or complaints should first contact KYC2020 directly at privacy@kyc2020.com.

Because KYC2020 acts primarily as a Data Processor, we do not engage a dedicated Independent Recourse Mechanism (IRM) unless a matter cannot be resolved directly with the Data Controller or with KYC2020. In such unresolved cases, we agree to cooperate with the appropriate EU Data Protection Authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), and participate in binding arbitration under the DPF Principles as a final recourse.