Read how KYC2020 empowers
Canadian MSBs to stay FINTRAC-ready.

Privacy Policy

Home/Privacy Policy

Last Updated: 28-May-2026

KYC2020 | PRIVACY POLICY

This Privacy Policy outlines how KYC2020 (“we”, “our”, or “us”) collects, uses, maintains, and discloses information from individuals (“Users”) who visit, interact with, or use our website at https://www.kyc2020.com (the “Site”), as well as any related services, features, or content we provide.

At KYC2020, we treat privacy as an important part of our product and service design. Our goal is to comply with data protection laws such as GDPR and CCPA. KYC2020 holds the SOC 2 Type 2 certification, establishing rigorous standards for auditing, secure storage, and processing.

SOC 2 Type II

Data Privacy Framework Certification & Compliance Notice

KYC2020 LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. KYC2020 LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. KYC2020 LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Independent Recourse Mechanism

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, KYC2020 LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

FTC Enforcement

KYC2020 LLC is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Disclosure of Personal Information

KYC2020 LLC may disclose personal information to trusted third-party service providers, contractors, affiliates, cloud hosting providers, compliance and identity verification providers, analytics providers, infrastructure providers, payment processors, and customer support providers for purposes related to identity verification, AML/KYC compliance, fraud prevention, security, analytics, platform operations, payment processing, and service delivery.

KYC2020 LLC may also disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Individual Rights and Choices

Individuals may request access to personal information that KYC2020 LLC maintains about them and may request correction, amendment, deletion, or limitation of use of their personal information where such information is inaccurate or processed in violation of the applicable Data Privacy Framework Principles.

KYC2020 retains personal data only for as long as instructed by the Data Controller or as necessary to fulfil legal obligations. Individuals in the EU, UK, and Switzerland with inquiries or complaints regarding our handling of personal data should first contact KYC2020 at: [email protected].

Accountability for Onward Transfers

KYC2020 LLC remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless KYC2020 LLC proves that it is not responsible for the event giving rise to the damage.

Binding Arbitration

Under certain conditions, individuals may invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Additional information regarding binding arbitration may be found in Annex I of the Data Privacy Framework Principles.

For the purposes of applicable data regulation

I. KYC2020 is a Data Processor

When we process personal data on behalf of Users for AML/CTF services:

  • Processing data containing personal information of Users’ end-users.

II. KYC2020 is a Data Controller (Direct Collection)

When we collect information directly from you:

  • Individuals visiting the Site.
  • Business contacts, employees, vendors, and partners.

III. KYC2020 is a Data Controller (Public Sources)

When collecting public data for watchlists:

  • Sanctions, warnings, fitness & probity
  • Politically exposed persons (PEPs)
  • Adverse media
  • Corporate registry information

Information We Collect and Use

Job Applicants

DescriptionData CollectedPurposeLegal Basis
Contact & assess candidatesName, CV/Resumes, ReferencesEvaluate applicationConsent

Website Visitors

DescriptionData CollectedPurposeLegal Basis
Collect browsing data via cookiesPage views, IP address, device specsAnalyze traffic, improve UXConsent (Cookie Banner)

AML/CTF Screening Data

DescriptionData CollectedPurposeLegal Basis
Public data from official sourcesSanctions, PEPs, Adverse Media, Corporate RegistryBuild watchlists for compliance screeningLegal Obligation (AML/CTF)

GDPR Rights Applicability (Watchlist Database)

GDPR RightApplicability
Right of AccessYes (Subject to anti-tipping-off limitations)
Right to RectificationNot applicable (Data from official public sources)
Right to ErasureGenerally overridden by legal obligations

To exercise your rights per GDPR, please contact us at [email protected].

Data Security

We implement appropriate technical and organizational measures to safeguard Users’ personal data. Sensitive data exchange happens over HTTPS/SSL secured channels.

Data Retention

We retain personal data only for as long as instructed by the Data Controller or as necessary to fulfil legal obligations.

Cookies

We use Necessary, Performance, and Targeting cookies. Users have the option of blocking cookies via our banner.

Contact Information

For questions or concerns, please contact us via email at:
[email protected]

KYC2020 has the discretion to update this privacy policy at any time. We encourage Users to frequently check this page for any changes.