Know Your Customer Limited
As of 31st March 2018
Our Privacy Statement
Know Your Customer Limited (“KYC”) is subject to the EU General Data Protection Regulation (“GDPR”) and the Hong Kong Data (Privacy) Ordinance, and amendments thereto (“PDPO”).
This Privacy Statement explains how, applying the applicable data protection principles under the GDPR and PDPO, we collect and process personal data for third parties (“KYC Client” or “KYC Clients”). For the purposes of the GDPR those third parties are deemed data controllers and for the purposes of PDPO those third parties are deemed data users.
The KYC Clients have engaged the services of KYC to provide identity verification services and assist in the collation of due diligence documentation on the KYC Clients prospective and existing customers (the “Customer” or “Customers”), when the KYC Clients Customers provide their personal data to us through the submission of information, forms or documents (in whatever format) through an upload to our website, use of our mobile application or otherwise.
Personal Data we process enables us to identify the Customers either directly or indirectly by reference to an identifier. Examples of identifiers we process are name, identification number, location data, an online identifier or one or more factors relating specific to the economic, cultural or social identity of the natural person (“Personal Data”).
KYC is a data processor which means that we process Personal Data on behalf of the KYC Clients. Dependent upon the checks that KYC has been engaged by the KYC Client to undertake, KYC may use sub-processors. Prior to working with any sub-processor, KYC ensures that they comply with the GDPR, the PDPO or any other relevant data protection legislation that may be applicable.
The result of the Customer’s verification process, as well as all details and documents provided by Customers to the KYC Clients via the KYC website, mobile application or otherwise are available solely to the KYC Client with whom the Customer is engaging and the Personal Data is provided as part of the KYC Client’s collation and evaluation of due diligence documentation on potential new and existing Customers to comply with applicable International Anti Money Laundering legislation. KYC does not have access to, store or retain any Customer Personal Data.
For the purposes of GDPR, it should be noted that dependent upon the location of the KYC Client, and the Anti Money Laundering legislation with which they must comply, Personal Data may be transferred or accessed outside the European Economic Area (“EEA”) at the request of the KYC Client.
For Customers who are not resident within the EEA, you should note that if the KYC Client you are engaged with is resident in a country other than your country of residence, there is a possibility you’re your Persona Data will be transferred outside your country of residence. You should consult with the relevant contact at the KYC Client for further details in relation to jurisdictions used for the transfer of your Personal Data.
Purpose of Collection, Processing and Disclosure
The Personal Data provided by Customers will be used by KYC for the purposes of processing for any one or more of the following purposes:
- To enable the KYC Clients to identify and/or verify the identity of the Customers in accordance with applicable International Anti Money Laundering regulations;
- To disclose to the KYC Clients by way of restricted access to the solution, to enable them to verify the identity of their Customers in accordance with applicable International Anti Money Laundering regulations;
- For any other specific purposes requested by the KYC Clients for which their Customers have given specific consent; or
- To comply with legal and regulatory obligations applicable to the KYC Clients.
KYC undertakes to adhere to best practice in terms of security of the Personal Data collected. All systems use a Role Based Access Control with enforced multi-factor authentication. All data at rest is secured using 256 bit AES encryption as well as SSL/TLS is used for data in transit.
A cookie is a piece of information in the form of a very small text file that is placed on an internet user’s hard drive. It is generated by a web page server, which is basically the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. A cookie can be thought of as an internet user’s identification card, which tell a web site when the user has returned.
Access to Information
Customers have a right of access to their Personal Data. KYC does not retain any data in respect of Customers that it has processed for KYC Clients. Customers have the right to amend and rectify any inaccuracies in their Personal Data processed by KYC by either making a request to the relevant contact at the KYC Client or by e-mail addressed to the Data Protection Officer at DataProtection@knowyourcustomer.com. Alternatively requests may be made in writing and sent to:
The Data Protection Officer
Know Your Customer Limited
6/F, Wyndham Place
40-44 Wyndham St.
Acceptance of Terms
Please note that by downloading, installing or using our mobile application for the upload of Personal Data, or by uploading Personal Data via a KYC webpage you are accepting the practices described in this Privacy Statement and agree to the processing of your Personal Data by KYC as described in this document.
If you are a resident of the EEA acceptance of these terms you are providing explicit consent to KYC for the processing of the Personal Data to comply with GDPR and that in giving your consent, and uploading the Personal Data, you are agreeing to the processing of the Personal Data by KYC for the purposes as set out in the contract, agreement, application form or such other document as may be relevant and entered into between you and the KYC Client and that in giving such consent, your Personal Data may be transferred outside of the EEA at the request of the KYC Client.
Amendments or Updates to this Privacy Statement
KYC reserves full rights to amend or update this Privacy Statement unilaterally from time to time as it sees fit or necessary to meet any change in any of the relevant laws or the regulatory environment, or business needs, or to satisfy the needs of stakeholders in the business. Updated versions will be posted to the KYC website and date stamped so that you are always aware of when the Privacy Statement was last updated. The whole content of this Privacy Statement will then be construed accordingly in conjunction with such amended or updated versions.