Last Updated: 22-May-2025
This Privacy Policy outlines how KYC2020 ("we", "our", or "us") collects, uses, maintains, and discloses information from individuals ("Users") who visit, interact with, or use our website at https://kyc2020.com (the "Site"), as well as any related services, features, or content we provide. This includes information collected directly from Users (referred to as “you” or “your”), automatically through their use of the Site (e.g., via cookies or analytics tools), or from third-party sources where permitted by law. The term “you” or “your” also includes individuals who may not be direct users of our Site or services, but whose personal information we collect from publicly available sources such as news articles or watchlists in our role as a data controller. By accessing or using the Site, Users agree to the terms of this Privacy Policy.
At KYC2020, we treat privacy as an important part of our product and service design. Our goal is to comply with data protection laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) and provide meaningful transparency into how we handle personal information where we act as the controller of Users personal information. KYC2020 holds SSAE 21, SOC 2 Type 2 certification, which are part of the Service Organization Control framework developed by the American Institute of Certified Public Accountants (AICPA). These certifications establish rigorous standards for auditing, securely storing, and processing Users data by third-party service providers on behalf of Users.
I . KYC2020 is a Data Processor where we receive Personal Information from Users to process personal data on behalf of the Users for the purposes of providing Anti-Money Laundering and related services to the Users. These instances are:
We are not responsible for the data privacy practices of our Users, which may differ from ours. If you have any questions about our Users’ data privacy practices, we encourage you to contact them directly.
We are neither informed nor responsible for actions, practices, or decisions of the Users as it relate to the use of our services to accept or deny an individual or entity. Use of our services is only upon acceptance by Users of our end-users license agreement and terms of our service with disclaimers that include: 1) The search technologies as well as the Data we aggregate are prone to error and may result in false positives and false negatives depending on many factors that may not be in the control of KYC2020. 2) The news Data we process and read is done via Natural Language Processing (NLP), including models for sentiment and context analysis, and name/entity recognition. These models are prone to false positives where articles with negative keywords may not actually be a negative or crime related article, the name screened may not be the prime actor or even associated with the news article, or other failures in our use of NLP, and 3) It is the responsibility of the Users (Customer) to review all outcomes and be solely responsible for making decisions to include or deny any individual or entity. If you have any issues with a Users’ use of our services or feel that you have been unfairly denied or profiled, we encourage you to contact them directly.
II . KYC2020 is a Data Controller where we receive Personal Information directly from you/with your permission. These instances are:
III . KYC2020 is a Data Controller where we collect and process Personal Information directly from public, government, and news sources to build our anti-money laundering, sanctions, and adverse media watchlist data. These instances are:
From time to time, we will update this Privacy Policy to include additional information about our privacy practices related to a specific activities KYC2020 undertakes.
We may collect or receive personal information from the following categories of individuals or sources:
Activity | Description | Data Collected |
---|---|---|
Data Collected | During the recruitment process, we gather few details. | Name, CV/Resumes, References. |
Purpose of Use | This data is used for some purposes |
|
Legal Basis for Processing | We rely on Consent as the legal ground. | Where you voluntarily provide us with personal information, we process it based on your consent. You may withdraw your consent at any time. |
Data Access | We do share the data internally. | Accessible internally to authorized members of the KYC2020 recruitment team. |
Activity | Description | Data Collected |
---|---|---|
Data Collected | We manage employment data including: |
|
Purpose of Use | This data is used for some purposes |
|
Legal Basis for Processing | We rely on Contractual Necessity as the legal ground. | Data is handled to fulfil obligations in the employment contract and for operational HR needs. |
Data Access | We do share the data internally. | Information is shared only within the internal KYC2020 HR and operations teams. |
Activity | Description | Data Collected |
---|---|---|
Data Collected | When users submit information via forms or service inquiries, we collect: |
|
Purpose of Use | This data is used for some purposes |
|
Legal Basis for Processing | We rely on Consent as the legal ground. | Processing is based on user consent for communications or marketing. Consent can be withdrawn via email or unsubscribe link or by contacting us directly at [email protected] |
Data Access | We do share the data internally and externally. |
|
Activity | Description | Data Collected |
---|---|---|
Data Collected | Data Collected Automatically |
|
Purpose of Use | This data is used for some purposes | This data is analyzed to improve the site's functionality, structure, and relevance for visitors. |
Legal Basis for Processing | We rely on Consent as the legal ground. | Users provide consent via the cookie banner. Settings can be adjusted anytime. |
Data Access | We do share the data internally. | Handled by the internal web and analytics team at KYC2020. |
Activity | Description | Data Collected |
---|---|---|
Data Collected | Data is collected from public and official sources |
|
Purpose of Use | This data is used for some purposes |
|
Legal Basis for Processing | We rely on Legal Requirement as the legal ground. | Data processing is essential for compliance with AML and sanctions regulations. |
Data Access | We do share the data internally and externally. |
|
Activity | Description | Data Collected |
---|---|---|
Data Collected | Data is collected from public and official sources |
|
Purpose of Use | This data is used for some purposes |
|
Legal Basis for Processing | We rely on Consent and Contract Performance as the legal ground. |
Consent: For prospects and marketing communications. Contract Performance: For existing vendors and clients as part of business agreements |
Data Access | We do share the data internally and externally. | Shared internally with relevant KYC2020 staff involved in sales, vendor management, and service delivery. |
Processing Activity | Role of KYC2020 | Lawful Basis | Data Subject Rights |
---|---|---|---|
Prospect and Client Data through KYC2020 Website | Controller | Consent | Not applicable, as the data processed relates to business entities rather than individuals. |
Watchlist Database | Controller | Legal Obligation (AML Compliance) | Right of Access is applicable. Other rights are limited under GDPR Article 23 due to AML regulations. |
Screening Engine | Data Processor (under Contract/EULA) | Performance of Contract under the KYC2020 EULA with acceptance of our Service Disclaimers. | Not applicable, as KYC2020 acts on behalf of clients and processes business-related data. |
Where the processing is based on Users’ consent, they have the right to withdraw their consent at any point in time. Please note that the withdrawal of consent result in us not being able to continue offering our services to Users. We reserve the right to withdraw or cease our services to Users upon your withdrawal. Users may withdraw consent by contacting us with a written request to the contact details specified below in the ‘Contact Us’ section.
Where we collect and process data from public sources to create our Global Watchlist Database for Sanction, PEP, and Adverse Media Screening, the following section provides the GDPR Rights Applicability.
GDPR Right | Applicability |
---|---|
Right of Access (Art. 15) | Yes – Subject to limitations (e.g., anti-tipping-off). Ensures transparency and accountability even for AML-related processing. |
Right to Rectification (Art. 16) | Not applicable – Data originates from official public sources; KYC2020 is not responsible for its accuracy and is not required to modify third-party data. |
Right to Erasure (Art. 17) | Generally overridden by legal obligations under AML regulations. |
Right to Object (Art. 21) | Not applicable – Processing is based on legal obligation. |
Right to Restrict Processing (Art. 18) | Not applicable – Restriction must not conflict with AML laws. |
Right to Data Portability (Art. 20) | Not applicable – Data is not processed on the basis of consent or a contract with the data subject. |
As a data processor, we are not responsible for responding directly to data subject requests that come from the User’s end-user. However, in accordance with applicable data protection laws, we are required to assist the User in responding to such requests, to the extent reasonably possible and appropriate to the nature of our processing activities.
To exercise your rights per GDPR, please contact us at [email protected]. We will process such requests in accordance with GDPR timelines and requirements.
You may also contact KYC2020 Support at [email protected].Users may update their preferences for email communications, by clicking the unsubscribe link found in the specific email from us.For questions or issues with how Users use our data or screening services in conjunction with other data and services, or review and clear false positives from technologies that are prone to errors, or make decisions to accept or deny for any purpose, please directly contact the User.
We adopt appropriate data collection, storage, and processing practices, as well as security, measures to protect against unauthorized access, alteration, disclosure or destruction of personal information, username, password, transaction information and data stored on our Site. Sensitive and private data exchange between the Site and its Users happens over an SSL-secured communication channel and is encrypted and protected with digital signatures.
We do not sell, trade, or lease our mailing lists including personal identification information to others, and we will not share Users personal information to any unaffiliated parties, except as follows:
For the purposes of the Services, we use automated data collection tools such as Cookies to collect certain information. “Cookies” are small text files that are placed on Users’ devices by a Web server when they access our Services.
The categories of cookies used are:
Users have the option of blocking or not allowing cookies, which is provided for by our cookie banner asking Users which type of cookie they wish to enable.
For more details about how we use these technologies, please see our Cookie Policy.
We retain personal data only as long as necessary to fulfil the purposes for which it was collected or as required by applicable laws. Upon request, and where legally permissible, we will delete or anonymize personal data.
Protecting the privacy of the very young is very important. For that reason, we never collect or maintain information at our Site from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.
We employ industry-standard security measures to protect Users’ personal data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption, firewalls, and regular security assessments. While we strive to protect Users’ personal data, no method of data transmission or storage is completely secure, and we cannot guarantee absolute security.
Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.
If Users are using our services to process personal data on behalf of others (e.g., their customers or end-users), they are responsible for ensuring that they have obtained the necessary consents or legal basis to transfer and process personal data on servers located in the United States. By using our services, Users represent and warrant that their data collection, use, and sharing practices comply with all applicable data protection laws and regulations, including GDPR if applicable.
Additionally, per our End-Users License Agreement (EULA), the Users using our services acknowledge and accept the KYC2020 Service Disclaimer that A PASS, FAIL, CLEAR, VERIFY, HIT, NO HIT, or any other designation, recommendation, or outcome from a KYC2020 service or software is simply an identification as to whether the search subject has likely appeared in the lists or news identified by KYC2020. The search technologies as well as the Data are prone to error and may result in false positives and false negatives depending on many factors that may not be in the control of KYC2020. It is the responsibility of the Customer to review all outcomes and be solely responsible for making decisions to include or deny any individual or entity. A subject’s inclusion on or removal from any of the searched lists is not in the control and is not the responsibility or liability of KYC2020.
We take reasonable measures to protect Users’ personal data and comply with applicable laws, but we do not warrant that our services are completely error-free or secure against all risks. By using our services, Users’ acknowledge and accept this limitation.
KYC2020 has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.