Know Your Customer Limited
As of 24th April 2018
Our Privacy Statement
Know Your Customer Limited (“KYC”) is subject to the EU General Data Protection Regulation (“GDPR”) and the Hong Kong Data (Privacy) Ordinance, and amendments thereto (“PDPO”).
This Privacy Statement explains how, applying the applicable data protection principles under the GDPR and PDPO, we collect and process personal data for third parties (“KYC Client” or “KYC Clients”) and for our business. For the purposes of the GDPR KYC Clients are deemed data controllers and for the purposes of PDPO they are deemed data users.
The KYC Clients have engaged the services of KYC to provide identity verification services and assist in the collation of due diligence documentation on the KYC Clients prospective and existing customers (the “Customer” or “Customers”), when the KYC Clients Customers provide their personal data to us through the submission of information, forms or documents (in whatever format) through an upload to our website, use of our mobile application or otherwise.
Personal Data we process enables us to identify the Customers either directly or indirectly by reference to an identifier. Examples of identifiers we process are name, identification number, location data, an online identifier or one or more factors relating specifically to the economic, cultural or social identity of the natural person (“Personal Data”).
KYC is a data processor which means that we process Personal Data on behalf of the KYC Clients. Dependent upon the checks that KYC has been engaged by the KYC Client to undertake, KYC may use sub-processors. Prior to working with any sub-processor, KYC ensures that they comply with the GDPR, the PDPO or any other relevant data protection legislation that may be applicable.
The result of the Customer’s verification process, as well as all details and documents provided by Customers to the KYC Clients via the KYC website, mobile application or otherwise are available solely to the KYC Client with whom the Customer is engaging and the Personal Data is provided as part of the KYC Client’s collation and evaluation of due diligence documentation on potential new and existing Customers to comply with applicable International Anti Money Laundering legislation. KYC does not have access to any Customer Personal Data.
For the purposes of GDPR, it should be noted that dependent upon the location of the KYC Client, and the Anti Money Laundering legislation with which they must comply, Personal Data may be transferred or accessed outside the European Economic Area (“EEA”) at the request of the KYC Client.
For Customers who are not resident within the EEA, you should note that if the KYC Client you are engaged with is resident in a country other than your country of residence, there is a possibility your Personal Data will be transferred outside your country of residence. You should consult with the relevant contact at the KYC Client for further details in relation to jurisdictions used for the transfer of your Personal Data.
Individuals (individually a “Subscriber” and collectively the “Subscribers”) may also sign up for news and marketing updates about our business via our website and other marketing tools such as marketing automation platforms. In these instances, KYC is acting as a data controller and data processor. The Personal Data collected enables us to identify Subscribers through a combination of the information provided during the sign-up process. The Personal Data is stored and retained by us for use as part of our marketing activities.
Dependent upon the marketing tools that we use to facilitate the sign-up process, we may on occasion use a third party data processor to process the Personal Data of Subscribers. In such circumstances, Subscribers will be made aware of this during the sign-up process and asked to provide consent accordingly. Third parties we use for data processing adhere to data protection legislation as applicable.
For the purposes of GDPR, it should be noted that dependent upon the location of the Subscriber, Personal Data may be transferred or accessed outside the EEA as part of marketing activities within the group operating companies of KYC. For Subscribers who are not resident within the EEA or Hong Kong, you should note that there is a probability that your Personal Data will be transferred outside your country of residence. If you have any questions in relation to this, please contact the Data Protection Officer at email@example.com.
Purpose of Collection, Processing and Disclosure
The Personal Data provided by Customers will be used by KYC for the purposes of processing for any one or more of the following purposes:
- To enable the KYC Clients to identify and/or verify the identity of the Customers in accordance with applicable International Anti Money Laundering regulations;
- To disclose to the KYC Clients by way of restricted access to the solution, to enable them to verify the identity of their Customers in accordance with applicable International Anti Money Laundering regulations;
- For any other specific purposes requested by the KYC Clients for which their Customers have given specific consent; or
- To comply with legal and regulatory obligations applicable to the KYC Clients.
Personal Data provided by Subscribers will be used by KYC to provide marketing information and news updates to the Subscribers about our business and industry news.
KYC undertakes to adhere to best practice in terms of security of the Personal Data collected. All systems use a Role Based Access Control with enforced multi-factor authentication. All data at rest is secured using 256 bit AES encryption as well as SSL/TLS is used for data in transit.
A cookie is a piece of information in the form of a very small text file that is placed on an internet user’s hard drive. It is generated by a web page server, which is basically the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. A cookie can be thought of as an internet user’s identification card, which tells a web site when the user has returned.
Access to Information
Customers and Subscribers have a right of access to their Personal Data as well as the right to amend and rectify any inaccuracies in their Personal Data processed by KYC. Subscribers also have the right to request erasure of, or restriction of processing of their Personal Data held by KYC. Customers should direct any requests for erasure and restriction of processing of their Personal Data to their contact at the KYC Client.
Customers can make requests to the relevant contact at the KYC Client or by e-mail addressed to the Data Protection Officer at DataProtection@knowyourcustomer.com. Subscribers should send requests to the Data Protection Officer at KYC by emailing DataProtection@knowyourcustomer.com.
Alternatively requests by Customers and Subscribers may be made in writing and sent to:
The Data Protection Officer
Know Your Customer Limited
6/F, Wyndham Place
40-44 Wyndham St.
Subscribers may also unsubscribe from any future communications from KYC by selecting the unsubscribe option in our email correspondence.
Acceptance of Terms
Please note that by downloading, installing or using our mobile application for the upload of Personal Data, or by uploading Personal Data via a KYC webpage, or a marketing automation platform, you are accepting the practices described in this Privacy Statement and agree to the processing of your Personal Data by KYC as described in this document.
If you are a resident of the EEA, in acceptance of these terms you are providing explicit consent to KYC for the processing of the Personal Data to comply with GDPR and that in giving your consent, and uploading the Personal Data, you are agreeing to the processing of the Personal Data by KYC for the purposes as set out in the contract, agreement, application form or such other document as may be relevant and entered into between you and the KYC Client, and that in giving such consent, your Personal Data may be transferred outside of the EEA at the request of the KYC Client.
For Subscribers who are a resident of the EEA, in acceptance of these terms you are providing explicit consent to KYC for the processing of the Personal Data to comply with GDPR and that in giving your consent, and uploading the Personal Data, you are agreeing to the processing of the Personal Data by KYC for the purposes as set out in the sign-up form submitted to KYC, and that in giving such consent, your Personal Data may be transferred outside of the EEA to other companies within the KYC group for marketing purposes.
Amendments or Updates to this Privacy Statement
KYC reserves full rights to amend or update this Privacy Statement unilaterally from time to time as it sees fit or necessary to meet any change in any of the relevant laws or the regulatory environment, or business needs, or to satisfy the needs of stakeholders in the business. Updated versions will be posted to the KYC website and date stamped so that you are always aware of when the Privacy Statement was last updated. The whole content of this Privacy Statement will then be construed accordingly in conjunction with such amended or updated versions.